Custom Security Headers Middleware

Adds additional security headers beyond what Helmet provides and removes potentially sensitive server information. This middleware complements Helmet by adding custom security headers and implementing security best practices for API responses.

The middleware removes the X-Powered-By header to prevent server fingerprinting and adds several security headers that protect against common web vulnerabilities, including content type sniffing, clickjacking, XSS attacks, and information leakage.

It is applied early in the middleware stack so that all responses include the security headers regardless of the response path or content type.

Parameters:
Express request object (unused)
Express response object whose headers are modified
Express next function to continue the middleware chain

Usage in the main application middleware stack:
import { securityHeaders } from '@/shared/middleware/security';
app.use(securityHeaders); // Apply early in middleware stack
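The middleware described above, written out as an added example (this is illustrative code, not the project's '@/shared/middleware/security' module). It assumes Express-style req/res/next objects; the response stub and the applySecurityHeaders helper are constructed here so the middleware can be exercised without a running server.

```javascript
// Headers added on top of Helmet's defaults, each tied to a risk the page names.
const CUSTOM_SECURITY_HEADERS = {
  // Content type sniffing: browsers must honour the declared Content-Type.
  'X-Content-Type-Options': 'nosniff',
  // Clickjacking: forbid framing of API responses by any origin.
  'X-Frame-Options': 'DENY',
  // XSS: disable the legacy browser XSS auditor. '0' is the current
  // recommendation (and what Helmet sets), because the auditor itself
  // could be abused to leak page contents.
  'X-XSS-Protection': '0',
  // Information leakage: never send the request URL in a Referer header.
  'Referrer-Policy': 'no-referrer',
};

// Express middleware signature: (req, res, next). req is unused.
function securityHeaders(req, res, next) {
  // Express adds X-Powered-By by default; removing it prevents fingerprinting.
  res.removeHeader('X-Powered-By');
  for (const [name, value] of Object.entries(CUSTOM_SECURITY_HEADERS)) {
    res.setHeader(name, value);
  }
  next(); // continue the middleware chain
}

// Minimal stand-in for an Express response (constructed for this example).
// Header names are case-insensitive, as in Node's http.ServerResponse.
function makeResponseStub(initial = {}) {
  const headers = new Map(
    Object.entries(initial).map(([k, v]) => [k.toLowerCase(), v]),
  );
  return {
    setHeader(name, value) { headers.set(name.toLowerCase(), value); },
    removeHeader(name) { headers.delete(name.toLowerCase()); },
    getHeader(name) { return headers.get(name.toLowerCase()); },
    headers,
  };
}

// Runs the middleware against a stub response and reports the outcome,
// so a test can assert on what the middleware actually did.
function applySecurityHeaders(initialHeaders = {}) {
  const res = makeResponseStub(initialHeaders);
  let nextCalled = false;
  securityHeaders({}, res, () => { nextCalled = true; });
  return { headers: Object.fromEntries(res.headers), nextCalled };
}
```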