diff --git a/src/directives/types.ts b/src/directives/types.ts
index 08e752d1..62f117f6 100644
--- a/src/directives/types.ts
+++ b/src/directives/types.ts
@@ -1,7 +1,7 @@
 /**
  * Represents the configuration for the validation module
  */
-export interface ValidationSettings {
+export type ValidationSettings = {
   /**
    * An array of the allowed kebab-cased directives for a header
    */
@@ -10,7 +10,7 @@ export interface ValidationSettings {
    * An object literal of the parameters that have special formatting. Separators defines the character delineating the directiveKey from the directiveValue: e.g. max-age=12345. Defaults to ' '.
    */
   separators?: { [key: string]: string };
-}
+};
 
 /**
  * Determines whether the header allows multiple directives or only one
diff --git a/src/directives/validation.ts b/src/directives/validation.ts
index 4ae49bf2..b19c46b2 100644
--- a/src/directives/validation.ts
+++ b/src/directives/validation.ts
@@ -146,7 +146,11 @@ export function directiveValidation(
           );
         }
 
-        return format(directiveKey, specificationName, directiveToken);
+        return format(
+          directiveKey,
+          specificationName,
+          directiveToken as string,
+        );
       },
     );
 
diff --git a/src/fortifyHeaders.ts b/src/fortifyHeaders.ts
index a6f70997..2b35dee5 100644
--- a/src/fortifyHeaders.ts
+++ b/src/fortifyHeaders.ts
@@ -1,7 +1,7 @@
 import { FortifyHeaders, FortifySettings, GenerationOptions } from './types';
 import { toHeaderCasing } from './directives/normalize';
 import { getAllHeaders } from './headers';
-import { HeaderFunction } from './headers/types';
+import { FortifyHeader, HeaderFunction } from './headers/types';
 
 /**
  * Builds out a configuration that will generate the defaults. Defaults are generated
@@ -50,7 +50,7 @@ export function fortifyHeaders(
       if (!headerFactory) {
         throw new Error(`${cur} is not a supported header`);
       }
-      const headerResult = headerFactory(directiveValues);
+      const headerResult = headerFactory(directiveValues as FortifyHeader);
       acc[headerName] = headerResult[headerName];
       return acc;
     },
diff --git a/src/headers/content-security-policy/types.ts b/src/headers/content-security-policy/types.ts
index 4ea15cdd..f40a6ad9 100644
--- a/src/headers/content-security-policy/types.ts
+++ b/src/headers/content-security-policy/types.ts
@@ -6,7 +6,7 @@ type SandboxDirective = boolean | string;
  * Represents the user-specified header configuration for Content-Security-Policy
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
  */
-export interface ContentSecurityPolicy extends FortifyHeader {
+export type ContentSecurityPolicy = FortifyHeader & {
   /**
    * Fires a SecurityPolicyViolationEvent.
    */
@@ -103,4 +103,4 @@ export interface ContentSecurityPolicy extends FortifyHeader {
    * Enables a sandbox for the requested resource similar to the <iframe> sandbox attribute.
    */
   sandbox?: SandboxDirective;
-}
+};
diff --git a/src/headers/cross-origin-embedder-policy/types.ts b/src/headers/cross-origin-embedder-policy/types.ts
index a1d90ffd..dbd5412d 100644
--- a/src/headers/cross-origin-embedder-policy/types.ts
+++ b/src/headers/cross-origin-embedder-policy/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for Cross-Origin-Embedder-Policy
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy
  */
-export interface CrossOriginEmbedderPolicy extends FortifyHeader {
+export type CrossOriginEmbedderPolicy = FortifyHeader & {
   /**
    * A document can only load resources from the same origin, or resources explicitly marked as loadable from another origin. If a cross origin resource supports CORS, the crossorigin attribute or the Cross-Origin-Resource-Policy header must be used to load it without being blocked by COEP.
    */
@@ -17,4 +17,4 @@ export interface CrossOriginEmbedderPolicy extends FortifyHeader {
    * Test for google
    */
   credentialless?: boolean;
-}
+};
diff --git a/src/headers/cross-origin-opener-policy/types.ts b/src/headers/cross-origin-opener-policy/types.ts
index 453f1270..4b20600b 100644
--- a/src/headers/cross-origin-opener-policy/types.ts
+++ b/src/headers/cross-origin-opener-policy/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for Cross-Origin-Opener-Policy
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy
  */
-export interface CrossOriginOpenerPolicy extends FortifyHeader {
+export type CrossOriginOpenerPolicy = FortifyHeader & {
   /**
    * Isolates the browsing context exclusively to same-origin documents. Cross-origin documents are not loaded in the same browsing context.
    */
@@ -17,4 +17,4 @@ export interface CrossOriginOpenerPolicy extends FortifyHeader {
    * Allows the document to be added to its opener's browsing context group unless the opener itself has a COOP of same-origin or same-origin-allow-popups.
    */
   unsafeNone?: boolean;
-}
+};
diff --git a/src/headers/cross-origin-resource-policy/types.ts b/src/headers/cross-origin-resource-policy/types.ts
index f9eb4fcc..0b725ace 100644
--- a/src/headers/cross-origin-resource-policy/types.ts
+++ b/src/headers/cross-origin-resource-policy/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for Cross-Origin-Resource-Policy
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy
  */
-export interface CrossOriginResourcePolicy extends FortifyHeader {
+export type CrossOriginResourcePolicy = FortifyHeader & {
   /**
    * Only requests from the same origin (i.e. scheme + host + port) can read the resource
    */
@@ -17,4 +17,4 @@ export interface CrossOriginResourcePolicy extends FortifyHeader {
    * Requests from any origin (both same-site and cross-site) can read the resource. This is useful when COEP is used (see below).
    */
   crossOrigin?: boolean;
-}
+};
diff --git a/src/headers/expect-ct/types.ts b/src/headers/expect-ct/types.ts
index b0da9b4e..89bc301c 100644
--- a/src/headers/expect-ct/types.ts
+++ b/src/headers/expect-ct/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for Expect-CT
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
  */
-export interface ExpectCt extends FortifyHeader {
+export type ExpectCt = FortifyHeader & {
   /**
    * The number of seconds after reception of the Expect-CT header field during which the user agent should regard the host of the received message as a known Expect-CT host.
    */
@@ -17,4 +17,4 @@ export interface ExpectCt extends FortifyHeader {
    * The URI where the user agent should report Expect-CT failures.
    */
   reportUri?: string;
-}
+};
diff --git a/src/headers/origin-agent-cluster/types.ts b/src/headers/origin-agent-cluster/types.ts
index 5952a18d..7e6fc1c6 100644
--- a/src/headers/origin-agent-cluster/types.ts
+++ b/src/headers/origin-agent-cluster/types.ts
@@ -4,9 +4,9 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for Origin-Agent-Cluster
  * see: https://web.dev/origin-agent-cluster/
  */
-export interface OriginAgentCluster extends FortifyHeader {
+export type OriginAgentCluster = FortifyHeader & {
   /**
    * Represents enabling the agent cluster policy
    */
   enable?: boolean;
-}
+};
diff --git a/src/headers/referrer-policy/types.ts b/src/headers/referrer-policy/types.ts
index 7feeea3f..6a7f4f07 100644
--- a/src/headers/referrer-policy/types.ts
+++ b/src/headers/referrer-policy/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for Referrer-Policy
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
  */
-export interface ReferrerPolicy extends FortifyHeader {
+export type ReferrerPolicy = FortifyHeader & {
   /**
    * The Referer header will be omitted: sent requests do not include any referrer information.
    */
@@ -37,4 +37,4 @@ export interface ReferrerPolicy extends FortifyHeader {
    * Send the origin, path, and query string when performing any request, regardless of security.
    */
   unsafeUrl?: boolean;
-}
+};
diff --git a/src/headers/strict-transport-security/types.ts b/src/headers/strict-transport-security/types.ts
index ce51f129..66f302dc 100644
--- a/src/headers/strict-transport-security/types.ts
+++ b/src/headers/strict-transport-security/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for Strict-Transport-Security
  * see: https://developer.mozilla.org/en-us/docs/web/http/headers/strict-transport-security
  */
-export interface StrictTransportSecurity extends FortifyHeader {
+export type StrictTransportSecurity = FortifyHeader & {
   /**
    * The time, in seconds, that the browser should remember that a site is only to be accessed using HTTPS.
    */
@@ -17,4 +17,4 @@ export interface StrictTransportSecurity extends FortifyHeader {
    * See Preloading Strict Transport Security for details. Not part of the specification.
    */
   preload?: boolean;
-}
+};
diff --git a/src/headers/types.ts b/src/headers/types.ts
index a0b768ee..ff16f050 100644
--- a/src/headers/types.ts
+++ b/src/headers/types.ts
@@ -1,5 +1,5 @@
 // single base interface to simplify generic types
-export interface FortifyHeader {}
+export type FortifyHeader = Record<string, unknown>;
 
 /**
  * The general shape of a header return value
diff --git a/src/headers/x-content-type-options/index.ts b/src/headers/x-content-type-options/index.ts
index 472b13f8..52f4d0dd 100644
--- a/src/headers/x-content-type-options/index.ts
+++ b/src/headers/x-content-type-options/index.ts
@@ -1,6 +1,6 @@
 import { applyDefaultsIfNecessary } from '../../directives/defaults';
 import { directiveValidation } from '../../directives/validation';
-import { XContentTypeOotions } from './types';
+import { XContentTypeOptions } from './types';
 
 const HEADER_NAME = 'X-Content-Type-Options';
 
@@ -11,7 +11,7 @@ const validation = directiveValidation(HEADER_NAME, {
 /**
  * Generates the X-Content-Type-Options header and returns it in an object to the caller. The header only has one option 'nosniff' and this is added by default with the header
  */
-export function xContentTypeOptions(settings: XContentTypeOotions) {
+export function xContentTypeOptions(settings: XContentTypeOptions) {
   const headerConfig = applyDefaultsIfNecessary(settings, {
     nosniff: true,
   });
diff --git a/src/headers/x-content-type-options/types.ts b/src/headers/x-content-type-options/types.ts
index a3692486..cb3c35f3 100644
--- a/src/headers/x-content-type-options/types.ts
+++ b/src/headers/x-content-type-options/types.ts
@@ -4,9 +4,9 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for X-Content-Type-Options
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
  */
-export interface XContentTypeOotions extends FortifyHeader {
+export type XContentTypeOptions = FortifyHeader & {
   /**
    * Blocks a request if the request destination is of type style and the MIME type is not text/css, or of type script and the MIME type is not a JavaScript MIME type
    */
   nosniff?: boolean;
-}
+};
diff --git a/src/headers/x-dns-prefetch-control/types.ts b/src/headers/x-dns-prefetch-control/types.ts
index 7701c9dd..92550a58 100644
--- a/src/headers/x-dns-prefetch-control/types.ts
+++ b/src/headers/x-dns-prefetch-control/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for X-DNS-Prefetch-Control
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control
  */
-export interface XDnsPrefetchControl extends FortifyHeader {
+export type XDnsPrefetchControl = FortifyHeader & {
   /**
    * Enables DNS prefetching. This is what browsers do, if they support the feature, when this header is not present
    */
@@ -13,4 +13,4 @@ export interface XDnsPrefetchControl extends FortifyHeader {
    * Disables DNS prefetching. This is useful if you don't control the link on the pages, or know that you don't want to leak information to these domains.
    */
   off?: boolean;
-}
+};
diff --git a/src/headers/x-download-options/types.ts b/src/headers/x-download-options/types.ts
index f0a9c421..d65ab8d8 100644
--- a/src/headers/x-download-options/types.ts
+++ b/src/headers/x-download-options/types.ts
@@ -4,9 +4,9 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for X-Download-Options
  * see: https://www.nwebsec.com/HttpHeaders/SecurityHeaders/XDownloadOptions#:~:text=The%20X%2DDownload%2DOptions%20is,context%20of%20the%20web%20site.
  */
-export interface XDownloadOptions extends FortifyHeader {
+export type XDownloadOptions = FortifyHeader & {
   /**
    * Instruct IE8 to not open a download directly but to show a Save dialog
    */
   noopen?: boolean;
-}
+};
diff --git a/src/headers/x-frame-options/types.ts b/src/headers/x-frame-options/types.ts
index e8a6ff05..338aaf20 100644
--- a/src/headers/x-frame-options/types.ts
+++ b/src/headers/x-frame-options/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for X-Frame-Options
  * see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
  */
-export interface XFrameOptions extends FortifyHeader {
+export type XFrameOptions = FortifyHeader & {
   /**
    * The page can only be displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain, although it is argued that the option is not very useful unless all ancestors are also in the same origin
    */
@@ -13,4 +13,4 @@ export interface XFrameOptions extends FortifyHeader {
    * The page cannot be displayed in a frame, regardless of the site attempting to do so.
    */
   deny?: boolean;
-}
+};
diff --git a/src/headers/x-permitted-cross-domain-poilicies/types.ts b/src/headers/x-permitted-cross-domain-poilicies/types.ts
index 97f63bf7..0f5deb76 100644
--- a/src/headers/x-permitted-cross-domain-poilicies/types.ts
+++ b/src/headers/x-permitted-cross-domain-poilicies/types.ts
@@ -4,7 +4,7 @@ import { FortifyHeader } from '../types';
  * Represents the user-specified header configuration for X-Permitted-Cross-Domain-Policies
  * see: https://owasp.org/www-project-secure-headers/#x-permitted-cross-domain-policies
  */
-export interface XPermittedCrossDomainPolicies extends FortifyHeader {
+export type XPermittedCrossDomainPolicies = FortifyHeader & {
   /**
    * No policy files are allowed anywhere on the target server, including this master policy file.
    */
@@ -25,4 +25,4 @@ export interface XPermittedCrossDomainPolicies extends FortifyHeader {
    * All policy files on this target domain are allowed
    */
   all?: boolean;
-}
+};
diff --git a/src/index.ts b/src/index.ts
index b3d71b40..8c9d1a7a 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -5,7 +5,7 @@ export { CrossOriginEmbedderPolicy } from './headers/cross-origin-embedder-polic
 export { CrossOriginResourcePolicy } from './headers/cross-origin-resource-policy/types';
 export { ExpectCt } from './headers/expect-ct/types';
 export { StrictTransportSecurity } from './headers/strict-transport-security/types';
-export { XContentTypeOotions } from './headers/x-content-type-options/types';
+export { XContentTypeOptions } from './headers/x-content-type-options/types';
 export { XDnsPrefetchControl } from './headers/x-dns-prefetch-control/types';
 export { XDownloadOptions } from './headers/x-download-options/types';
 export { XFrameOptions } from './headers/x-frame-options/types';
diff --git a/src/types.ts b/src/types.ts
index 18645c2b..49fa67b3 100644
--- a/src/types.ts
+++ b/src/types.ts
@@ -6,7 +6,8 @@ import { ExpectCt } from './headers/expect-ct/types';
 import { OriginAgentCluster } from './headers/origin-agent-cluster/types';
 import { ReferrerPolicy } from './headers/referrer-policy/types';
 import { StrictTransportSecurity } from './headers/strict-transport-security/types';
-import { XContentTypeOotions } from './headers/x-content-type-options/types';
+import { FortifyHeader } from './headers/types';
+import { XContentTypeOptions } from './headers/x-content-type-options/types';
 import { XDnsPrefetchControl } from './headers/x-dns-prefetch-control/types';
 import { XDownloadOptions } from './headers/x-download-options/types';
 import { XFrameOptions } from './headers/x-frame-options/types';
@@ -15,7 +16,7 @@ import { XPermittedCrossDomainPolicies } from './headers/x-permitted-cross-domai
 /**
  * Represents the primary configuration for FortifyJS
  */
-export type FortifySettings = { [key: string]: object | boolean } & {
+export type FortifySettings = { [key: string]: FortifyHeader | boolean } & {
   /**
    * Configuration for Content-Security-Policy
    */
@@ -51,7 +52,7 @@ export type FortifySettings = { [key: string]: object | boolean } & {
   /**
    * Configuration for X-Content-Type-Options
    */
-  xContentTypeOptions?: XContentTypeOotions | boolean;
+  xContentTypeOptions?: XContentTypeOptions | boolean;
   /**
    * Configuration for X-DNS-Prefetch-Control
    */