The patched version adds optional response headers:
pip show hpp-middleware
The hpp v6 patched release includes a compatibility mode. You can enable strictMode gradually using the reportOnly flag for monitoring before full enforcement. hpp v6 patched
A pause. Then:
npm install hpp@6.1.2