res.cookie(name, value [, options]) Sets cookie name to value. The value parameter may be a string or object converted to JSON. The options parameter is an object that can have the following properties. Property Type Description domain String Domain name for the cookie. Defaults to the domain name of the app. encode Function A synchronous function used for cookie value encoding. Defaults to encodeURIComponent. expires Date Expiry date of the cookie in GMT. If not specified or set to 0, creates

res.clearCookie(name [, options]) Clears the cookie specified by name. For details about the options object, see res.cookie(). res.cookie('name', 'tobi', { path: '/admin' }); res.clearCookie('name', { path: '/admin' });

res.attachment([filename]) Sets the HTTP response Content-Disposition header field to “attachment”. If a filename is given, then it sets the Content-Type based on the extension name via res.type(), and sets the Content-Disposition “filename=” parameter. res.attachment(); // Content-Disposition: attachment res.attachment('path/to/logo.png'); // Content-Disposition: attachment; filename="logo.png" // Content-Type: image/png

res.append(field [, value]) res.append() is supported by Express v4.11.0+ Appends the specified value to the HTTP response header field. If the header is not already set, it creates the header with the specified value. The value parameter can be a string or an array. Note: calling res.set() after res.append() will reset the previously-set header value. res.append('Link', ['<http://localhost/>', '<http://localhost:3000/>']); res.append('Set-Cookie', 'foo=bar; Path=/; HttpOnly'); re

res.app This property holds a reference to the instance of the Express application that is using the middleware. res.app is identical to the req.app property in the request object.

req.xhr A Boolean property that is true if the request’s X-Requested-With header field is “XMLHttpRequest”, indicating that the request was issued by a client library such as jQuery. req.xhr // => true

req.subdomains An array of subdomains in the domain name of the request. // Host: "tobi.ferrets.example.com" req.subdomains // => ["ferrets", "tobi"]

req.stale Indicates whether the request is “stale,” and is the opposite of req.fresh. For more information, see req.fresh. req.stale // => true

req.signedCookies When using cookie-parser middleware, this property contains signed cookies sent by the request, unsigned and ready for use. Signed cookies reside in a different object to show developer intent; otherwise, a malicious attack could be placed on req.cookie values (which are easy to spoof). Note that signing a cookie does not make it “hidden” or encrypted; but simply prevents tampering (because the secret used to sign is private). If no signed cookies are sent, the property defaul

req.secure A Boolean property that is true if a TLS connection is established. Equivalent to: 'https' == req.protocol;