Plug that adds standard security response headers to all responses.
Sets the following headers:
X-Content-Type-Options: nosniff— prevents MIME-type sniffingX-Frame-Options: DENY— prevents clickjacking via iframesCache-Control: no-store— prevents caching of API responses
Strict-Transport-Security is intentionally omitted because this library
may run behind a reverse proxy that handles TLS. Add it in your own plug
pipeline if needed.