SecurityConfig

Defined in: packages/middleware/src/security.ts:14

Security headers configuration

optional contentSecurityPolicy: string | false

Defined in: packages/middleware/src/security.ts:19

Content Security Policy

Default: "default-src 'self'"

optional contentTypeOptions: string | false

Defined in: packages/middleware/src/security.ts:25

X-Content-Type-Options header

Default: "nosniff"

optional customHeaders: Record<string, string>

Defined in: packages/middleware/src/security.ts:75

Additional custom headers


optional frameOptions: false | "DENY" | "SAMEORIGIN"

Defined in: packages/middleware/src/security.ts:31

X-Frame-Options header

Default: "DENY"

optional hsts: string | false

Defined in: packages/middleware/src/security.ts:43

Strict-Transport-Security header

Default: "max-age=31536000; includeSubDomains"

optional permissionsPolicy: string | false

Defined in: packages/middleware/src/security.ts:64

Permissions-Policy header

Default: "geolocation=(), microphone=(), camera=()"

optional poweredBy: string | false

Defined in: packages/middleware/src/security.ts:70

X-Powered-By header (should be removed for security)

Default: false (header removed)

optional referrerPolicy: false | "no-referrer" | "no-referrer-when-downgrade" | "origin" | "origin-when-cross-origin" | "same-origin" | "strict-origin" | "strict-origin-when-cross-origin" | "unsafe-url"

Defined in: packages/middleware/src/security.ts:49

Referrer-Policy header

Default: "strict-origin-when-cross-origin"

optional xssProtection: string | false

Defined in: packages/middleware/src/security.ts:37

X-XSS-Protection header

Default: "1; mode=block"
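
Added example, not code from this package: a review-time check that lists where a SecurityConfig object is weaker than the values shown on this page. The helper auditSecurityConfig, the MANAGED_HEADERS list, the finding texts and the sample config are assumptions made for illustration; the interface is re-declared locally from the option names and types above.

```typescript
// Added example; mirrors the option names and types documented on this page.
interface SecurityConfig {
  contentSecurityPolicy?: string | false;
  contentTypeOptions?: string | false;
  customHeaders?: Record<string, string>;
  frameOptions?: false | "DENY" | "SAMEORIGIN";
  hsts?: string | false;
  permissionsPolicy?: string | false;
  poweredBy?: string | false;
  referrerPolicy?: string | false; // narrowed to a string union on the page
  xssProtection?: string | false;
}

// Response headers the typed options already control (lowercase for comparison).
const MANAGED_HEADERS = [
  "content-security-policy", "x-content-type-options", "x-frame-options",
  "strict-transport-security", "permissions-policy", "x-powered-by",
  "referrer-policy", "x-xss-protection",
];

// Hypothetical helper: report settings weaker than the values shown on this page.
function auditSecurityConfig(cfg: SecurityConfig): string[] {
  const findings: string[] = [];
  const csp = cfg.contentSecurityPolicy;
  if (csp === false) findings.push("contentSecurityPolicy: disabled");
  else if (csp !== undefined && /'unsafe-(inline|eval)'/.test(csp))
    findings.push("contentSecurityPolicy: allows unsafe-inline or unsafe-eval");
  if (cfg.contentTypeOptions !== undefined && cfg.contentTypeOptions !== "nosniff")
    findings.push("contentTypeOptions: not nosniff");
  if (cfg.frameOptions === false) findings.push("frameOptions: disabled");
  const hsts = cfg.hsts;
  if (hsts === false) findings.push("hsts: disabled");
  else if (hsts !== undefined) {
    const m = /max-age=(\d+)/i.exec(hsts);
    if (!m || Number(m[1]) < 31536000) findings.push("hsts: max-age below one year");
  }
  if (typeof cfg.poweredBy === "string") findings.push("poweredBy: discloses the server stack");
  if (cfg.referrerPolicy === "unsafe-url" || cfg.referrerPolicy === "no-referrer-when-downgrade")
    findings.push("referrerPolicy: sends full URLs cross-origin");
  for (const name of Object.keys(cfg.customHeaders || {}))
    if (MANAGED_HEADERS.indexOf(name.toLowerCase()) !== -1)
      findings.push("customHeaders: " + name + " duplicates a typed option");
  return findings;
}

// Constructed sample: a config relaxed during development.
const relaxedSample: SecurityConfig = { hsts: "max-age=300", frameOptions: false,
  customHeaders: { "x-frame-options": "SAMEORIGIN" } };
```

The check leaves xssProtection alone: current Chrome, Edge and Firefox ignore X-XSS-Protection, so protection against script injection rests on contentSecurityPolicy.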