New creates an instance of the secure middleware using the specified configuration.

WithAllowedHosts is a list of fully qualified domain names that are allowed.

WithBadHostHandler use to when an error occurs (ie bad host).

WithBrowserXssFilter when BrowserXssFilter is true, adds the X-XSS-Protection header with the value `1; mode=block`.

WithContentSecurityPolicy allows the Content-Security-Policy header value to be set with a custom value.

WithContentSecurityPolicyReport when SSLRedirect is set to true, then only allow https requests.

WithContentTypeNosniff when ContentTypeNosniff is true, adds the X-Content-Type-Options header with the value `nosniff`.

WithCustomFrameOptionsValue allows the X-Frame-Options header value to be set with a custom value.

WithDontRedirectIPV4Hostnames when DontRedirectIPV4Hostnames is true, requests to hostnames that are IPV4 addresses aren't redirected.

WithFeaturePolicy is a new header that allows a site to control which features and APIs can be used in the browser.

WithFrameDeny when FrameDeny is set to true, adds the X-Frame-Options header with the value of `DENY`.

WithIENoOpen prevents Internet Explorer from executing downloads in your site’s context.

WithIsDevelopment when true, the whole security policy applied by the middleware is disabled completely.

WithPermissionPolicy use to set HTTP header "Referrer-Policy" governs which referrer information, sent in the Referrer header,/should be included with requests made.

WithReferrerPolicy use to set HTTP header "Referrer-Policy" governs which referrer information, sent in the Referrer header,/should be included with requests made.

WithSSLHost is the host name that is used to redirect http requests to https.

WithSSLProxyHeaders If the request is insecure, treat it as secure if any of the headers in this dict are set to their corresponding value This is useful when your app is running behind a secure proxy that forwards requests to your app over http (such as on Heroku).

WithSSLRedirect when SSLRedirect is set to true, then only allow https requests.

WithSSLTemporaryRedirect when SSLTemporaryRedirect is true, the a 302 will be used while redirecting.

WithSTSIncludeSubdomains when STSIncludeSubdomains is set to true, the `includeSubdomains` will be appended to the Strict-Transport-Security header.

WithSTSSecond is the max-age of the Strict-Transport-Security header.