SecurityConfig
Defined in: packages/middleware/src/security.ts:14
Security headers configuration
Properties
contentSecurityPolicy?
optional contentSecurityPolicy: string | false
Defined in: packages/middleware/src/security.ts:19
Content Security Policy
Default
"default-src 'self'"
contentTypeOptions?
optional contentTypeOptions: string | false
Defined in: packages/middleware/src/security.ts:25
X-Content-Type-Options header
Default
"nosniff"
customHeaders?
optional customHeaders: Record<string, string>
Defined in: packages/middleware/src/security.ts:75
Additional custom headers
frameOptions?
optional frameOptions: false | "DENY" | "SAMEORIGIN"
Defined in: packages/middleware/src/security.ts:31
X-Frame-Options header
Default
"DENY"
hsts?
optional hsts: string | false
Defined in: packages/middleware/src/security.ts:43
Strict-Transport-Security header
Default
"max-age=31536000; includeSubDomains"
permissionsPolicy?
optional permissionsPolicy: string | false
Defined in: packages/middleware/src/security.ts:64
Permissions-Policy header
Default
"geolocation=(), microphone=(), camera=()"
poweredBy?
optional poweredBy: string | false
Defined in: packages/middleware/src/security.ts:70
X-Powered-By header (should be removed for security)
Default
false (header removed)
referrerPolicy?
optional referrerPolicy: false | "no-referrer" | "no-referrer-when-downgrade" | "origin" | "origin-when-cross-origin" | "same-origin" | "strict-origin" | "strict-origin-when-cross-origin" | "unsafe-url"
Defined in: packages/middleware/src/security.ts:49
Referrer-Policy header
Default
"strict-origin-when-cross-origin"
xssProtection?
optional xssProtection: string | false
Defined in: packages/middleware/src/security.ts:37
X-XSS-Protection header
Default
"1; mode=block"
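How the documented defaults and overrides combine into a response header set, as an added example that is not code from the package. The helper resolveSecurityHeaders is hypothetical, and it assumes that false omits a header and that customHeaders must not shadow a header already governed by a named property or contain CR/LF.

```typescript
// Added example. Local copy of the shape documented on this page
// (referrerPolicy widened to string to keep the listing short).
interface SecurityConfig {
  contentSecurityPolicy?: string | false;
  contentTypeOptions?: string | false;
  customHeaders?: Record<string, string>;
  frameOptions?: false | "DENY" | "SAMEORIGIN";
  hsts?: string | false;
  permissionsPolicy?: string | false;
  poweredBy?: string | false;
  referrerPolicy?: string | false;
  xssProtection?: string | false;
}
type HeaderKey = Exclude<keyof SecurityConfig, "customHeaders">;

// Property -> [response header name, documented default].
const HEADERS: Record<HeaderKey, [string, string | false]> = {
  contentSecurityPolicy: ["Content-Security-Policy", "default-src 'self'"],
  contentTypeOptions: ["X-Content-Type-Options", "nosniff"],
  frameOptions: ["X-Frame-Options", "DENY"],
  hsts: ["Strict-Transport-Security", "max-age=31536000; includeSubDomains"],
  permissionsPolicy: ["Permissions-Policy", "geolocation=(), microphone=(), camera=()"],
  poweredBy: ["X-Powered-By", false],
  referrerPolicy: ["Referrer-Policy", "strict-origin-when-cross-origin"],
  xssProtection: ["X-XSS-Protection", "1; mode=block"],
};
const MANAGED = (Object.keys(HEADERS) as HeaderKey[]).map((k) => HEADERS[k][0].toLowerCase());

// Hypothetical helper, not a package export. Assumptions: `false` omits the header,
// and customHeaders may not shadow a managed header or carry CR/LF.
function resolveSecurityHeaders(config: SecurityConfig = {}): Record<string, string> {
  const out: Record<string, string> = {};
  for (const key of Object.keys(HEADERS) as HeaderKey[]) {
    const [name, fallback] = HEADERS[key];
    const chosen = config[key];
    const value = chosen === undefined ? fallback : chosen;
    if (value !== false) out[name] = value;
  }
  const custom = config.customHeaders || {};
  for (const name of Object.keys(custom)) {
    if (MANAGED.indexOf(name.toLowerCase()) !== -1) {
      throw new Error(name + " is set by a SecurityConfig property; configure it there");
    }
    if (/[\r\n]/.test(name + custom[name])) throw new Error("CR/LF in custom header " + JSON.stringify(name));
    out[name] = custom[name];
  }
  return out;
}
```

Rejecting a customHeaders entry such as content-security-policy keeps a loosely typed header map from silently weakening the policy set through contentSecurityPolicy.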