pub async fn security_headers(req: Request, next: Next) -> Response
Middleware that injects standard HTTP security headers on every response.
Headers set:
- X-Content-Type-Options: nosniff — prevents MIME-type sniffing
- X-Frame-Options: DENY — blocks clickjacking via iframes
- X-XSS-Protection: 1; mode=block — legacy XSS filter hint
- Strict-Transport-Security: max-age=63072000; includeSubDomains — enforces HTTPS for 2 years
- Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'
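A response-side check for the header set listed above, as an added example that is not part of this crate's code: it reports which documented headers a response is missing or carries with a different value, and parses the HSTS and CSP values so a test can assert on them. The names `EXPECTED`, `audit`, `parse_csp` and `hsts_max_age` are hypothetical, and the sample response in `main` is constructed.

```rust
use std::collections::HashMap;

// Added example; names are hypothetical. Values are copied from the list above.
const EXPECTED: [(&str, &str); 5] = [
    ("x-content-type-options", "nosniff"),
    ("x-frame-options", "DENY"),
    ("x-xss-protection", "1; mode=block"),
    ("strict-transport-security", "max-age=63072000; includeSubDomains"),
    ("content-security-policy", "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'"),
];

/// One finding per documented header that is missing or has a different value.
/// Names are matched case-insensitively, as HTTP header names are.
pub fn audit(headers: &[(&str, &str)]) -> Vec<String> {
    let seen: HashMap<String, &str> =
        headers.iter().map(|(k, v)| (k.to_ascii_lowercase(), v.trim())).collect();
    EXPECTED.iter().filter_map(|(name, want)| match seen.get(*name) {
        None => Some(format!("missing: {}", name)),
        Some(got) if got != want => Some(format!("mismatch: {}", name)),
        _ => None,
    }).collect()
}

/// Splits a Content-Security-Policy value into directive -> source list.
pub fn parse_csp(value: &str) -> HashMap<String, Vec<String>> {
    value.split(';').filter_map(|d| {
        let mut parts = d.split_whitespace();
        let name = parts.next()?.to_ascii_lowercase();
        Some((name, parts.map(String::from).collect()))
    }).collect()
}

/// Extracts max-age in seconds from a Strict-Transport-Security value.
pub fn hsts_max_age(value: &str) -> Option<u64> {
    value.split(';').filter_map(|p| p.trim().split_once('=')).find_map(|(k, v)| {
        if k.trim().eq_ignore_ascii_case("max-age") { v.trim().parse().ok() } else { None }
    })
}

fn main() {
    // Constructed sample: a response with no CSP and a changed X-Frame-Options.
    let resp = [("X-Content-Type-Options", "nosniff"), ("X-Frame-Options", "SAMEORIGIN"),
        ("X-XSS-Protection", "1; mode=block"), ("Strict-Transport-Security", EXPECTED[3].1)];
    println!("{:?}", audit(&resp));
    println!("{:?}", hsts_max_age(EXPECTED[3].1).map(|s| s / 86_400));
    println!("{:?}", parse_csp(EXPECTED[4].1).get("style-src"));
}
```

The parsed policy shows that `'unsafe-inline'` is allowed for `style-src` only, not for `script-src`, and the HSTS `max-age` works out to 730 days.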