res.download(path [, filename] [, fn]) Transfers the file at path as an “attachment”. Typically, browsers will prompt the user for download. By default, the Content-Disposition header “filename=” parameter is path (this typically appears in the browser dialog). Override this default with the filename parameter. When an error ocurrs or transfer is complete, the method calls the optional callback function fn. This method uses res.sendFile() to transfer the file. res.download('/report-12345.pdf');

res.attachment([filename]) Sets the HTTP response Content-Disposition header field to “attachment”. If a filename is given, then it sets the Content-Type based on the extension name via res.type(), and sets the Content-Disposition “filename=” parameter. res.attachment(); // Content-Disposition: attachment res.attachment('path/to/logo.png'); // Content-Disposition: attachment; filename="logo.png" // Content-Type: image/png

res.clearCookie(name [, options]) Clears the cookie specified by name. For details about the options object, see res.cookie(). res.cookie('name', 'tobi', { path: '/admin' }); res.clearCookie('name', { path: '/admin' });

req.xhr A Boolean property that is true if the request’s X-Requested-With header field is “XMLHttpRequest”, indicating that the request was issued by a client library such as jQuery. req.xhr // => true

res.append(field [, value]) res.append() is supported by Express v4.11.0+ Appends the specified value to the HTTP response header field. If the header is not already set, it creates the header with the specified value. The value parameter can be a string or an array. Note: calling res.set() after res.append() will reset the previously-set header value. res.append('Link', ['<http://localhost/>', '<http://localhost:3000/>']); res.append('Set-Cookie', 'foo=bar; Path=/; HttpOnly'); re

res.app This property holds a reference to the instance of the Express application that is using the middleware. res.app is identical to the req.app property in the request object.

req.subdomains An array of subdomains in the domain name of the request. // Host: "tobi.ferrets.example.com" req.subdomains // => ["ferrets", "tobi"]

req.stale Indicates whether the request is “stale,” and is the opposite of req.fresh. For more information, see req.fresh. req.stale // => true

req.signedCookies When using cookie-parser middleware, this property contains signed cookies sent by the request, unsigned and ready for use. Signed cookies reside in a different object to show developer intent; otherwise, a malicious attack could be placed on req.cookie values (which are easy to spoof). Note that signing a cookie does not make it “hidden” or encrypted; but simply prevents tampering (because the secret used to sign is private). If no signed cookies are sent, the property defaul

req.secure A Boolean property that is true if a TLS connection is established. Equivalent to: 'https' == req.protocol;