Update security class

data/user.global.php.dist

@@ -139,6 +139,7 @@ return [
         'date_pattern'  => 'dd/MM/yyyy',
     ],
     'security'     => [
+        // Request
         'ip'             => [
             'is_active' => true,
             'whitelist' => [
@@ -178,12 +179,20 @@ return [
             'max_requests'     => 100,
             'rate_limit'       => 60, // Time window in seconds
         ],
-        'account'        => [
-            'attempts' => 5,
-            'ttl'      => 3600,
+        // Response
+        'header'          => [
+            'is_active' => true,
+        ],
+        'escape'          => [
+            'is_active' => true,
         ],
         'compress'        => [
             'is_active' => true,
         ],
+        // Account
+        'account'        => [
+            'attempts' => 5,
+            'ttl'      => 3600,
+        ],
     ],
 ];

src/Middleware/SecurityMiddleware.php

@@ -124,10 +124,17 @@ protected function securityRequestList(): array
 
     protected function securityResponseList(): array
     {
-        return [
-            'header' => new ResponseHeaders($this->config),
-            'escape' => new ResponseEscape($this->config),
-            'compress' => new ResponseCompress($this->config),
-        ];
+        $list = [];
+        if (isset($this->config['header']['is_active']) && $this->config['header']['is_active']) {
+            $list['header'] = new ResponseHeaders($this->config);
+        }
+        if (isset($this->config['escape']['is_active']) && $this->config['escape']['is_active']) {
+            $list['escape'] = new ResponseEscape($this->config);
+        }
+        if (isset($this->config['compress']['is_active']) && $this->config['compress']['is_active']) {
+            $list['compress'] = new ResponseCompress($this->config);
+        }
+
+        return $list;
     }
 }