/**
 * Security headers middleware for SSR applications.
 *
 * Adds essential security headers to prevent common attacks:
 * - XSS (Cross-Site Scripting)
 * - Clickjacking
 * - MIME type sniffing
 * - etc.
 */
export interface SecurityHeadersConfig {
    /** Content Security Policy directive */
    contentSecurityPolicy?: string | false;
    /** X-Frame-Options value (DENY, SAMEORIGIN, or ALLOW-FROM) */
    frameOptions?: 'DENY' | 'SAMEORIGIN' | string;
    /** Referrer policy */
    referrerPolicy?: string;
    /** Enable HSTS (HTTP Strict Transport Security) */
    hsts?: boolean | {
        maxAge: number;
        includeSubDomains?: boolean;
    };
    /** Custom headers to add */
    customHeaders?: Record<string, string>;
}
export declare const defaultSecurityHeaders: SecurityHeadersConfig;
/**
 * Generate security headers object.
 * Works with any Node.js framework (Express, Fastify, etc.)
 */
export declare function createSecurityHeaders(config?: SecurityHeadersConfig): Record<string, string>;
/**
 * Fastify plugin for security headers.
 */
export declare function fastifySecurityHeaders(fastify: any, options?: SecurityHeadersConfig): void;
//# sourceMappingURL=security-headers.d.ts.map