diff --git a/CHANGELOG.md b/CHANGELOG.md
index f52d7ed4f..331c8c8eb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## Version 23
+
+### v23.0.0
+
+- Publicly exposed interface `CustomHeaderSecurity` is renamed to `HeaderSecurity`;
+- Restrictions have been placed between header names in the middleware `security` declaration and in `input` properties.
+
 ## Version 22
 
 ### v22.4.1
diff --git a/coverage.svg b/coverage.svg
index 3e5d18ccd..5bb55be2e 100644
--- a/coverage.svg
+++ b/coverage.svg
@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="110" height="20" role="img" aria-label="Coverage: 99.8%"><title>Coverage: 99.8%</title><linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="r"><rect width="110" height="20" rx="3" fill="#fff"/></clipPath><g clip-path="url(#r)"><rect width="63" height="20" fill="#555"/><rect x="63" width="47" height="20" fill="#4c1"/><rect width="110" height="20" fill="url(#s)"/></g><g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110"><text aria-hidden="true" x="325" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="530">Coverage</text><text x="325" y="140" transform="scale(.1)" fill="#fff" textLength="530">Coverage</text><text aria-hidden="true" x="855" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="370">99.8%</text><text x="855" y="140" transform="scale(.1)" fill="#fff" textLength="370">99.8%</text></g></svg>
\ No newline at end of file
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="106" height="20" role="img" aria-label="Coverage: 100%"><title>Coverage: 100%</title><linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="r"><rect width="106" height="20" rx="3" fill="#fff"/></clipPath><g clip-path="url(#r)"><rect width="63" height="20" fill="#555"/><rect x="63" width="43" height="20" fill="#4c1"/><rect width="106" height="20" fill="url(#s)"/></g><g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110"><text aria-hidden="true" x="325" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="530">Coverage</text><text x="325" y="140" transform="scale(.1)" fill="#fff" textLength="530">Coverage</text><text aria-hidden="true" x="835" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="330">100%</text><text x="835" y="140" transform="scale(.1)" fill="#fff" textLength="330">100%</text></g></svg>
\ No newline at end of file
diff --git a/src/index.ts b/src/index.ts
index 15493efd4..04df88e21 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -51,7 +51,7 @@ export type {
   BasicSecurity,
   BearerSecurity,
   CookieSecurity,
-  CustomHeaderSecurity,
+  HeaderSecurity,
   InputSecurity,
   OAuth2Security,
   OpenIdSecurity,
diff --git a/src/migration.ts b/src/migration.ts
index b9f3664f0..3b66ae052 100644
--- a/src/migration.ts
+++ b/src/migration.ts
@@ -6,13 +6,13 @@ import {
 } from "@typescript-eslint/utils";
 
 interface Queries {
-  placeholder: TSESTree.Identifier;
+  headerSecurity: TSESTree.Identifier;
 }
 
 type Listener = keyof Queries;
 
 const queries: Record<Listener, string> = {
-  placeholder: `${NT.Identifier}`,
+  headerSecurity: `${NT.Identifier}[name='CustomHeaderSecurity']`,
 };
 
 const listen = <
@@ -33,10 +33,21 @@ const v23 = ESLintUtils.RuleCreator.withoutDocs({
     type: "problem",
     fixable: "code",
     schema: [],
-    messages: {},
+    messages: {
+      change: "change {{ subject }} from {{ from }} to {{ to }}",
+    },
   },
   defaultOptions: [],
-  create: () => listen({ placeholder: () => {} }),
+  create: (ctx) =>
+    listen({
+      headerSecurity: (node) =>
+        ctx.report({
+          node,
+          messageId: "change",
+          data: { subject: "interface", from: node.name, to: "HeaderSecurity" },
+          fix: (fixer) => fixer.replaceText(node, "HeaderSecurity"),
+        }),
+    }),
 });
 
 /**
diff --git a/src/security.ts b/src/security.ts
index b6e791895..3ea1ee8c5 100644
--- a/src/security.ts
+++ b/src/security.ts
@@ -12,10 +12,9 @@ export interface InputSecurity<K extends string> {
   name: K;
 }
 
-/** @todo add constraints similar to InputSecurity, rename to just HeaderSecurity */
-export interface CustomHeaderSecurity {
+export interface HeaderSecurity<K extends string> {
   type: "header";
-  name: string;
+  name: K;
 }
 
 export interface CookieSecurity {
@@ -90,7 +89,7 @@ export type Security<K extends string = string, S extends string = string> =
   | BasicSecurity
   | BearerSecurity
   | InputSecurity<K>
-  | CustomHeaderSecurity
+  | HeaderSecurity<K>
   | CookieSecurity
   | OpenIdSecurity
   | OAuth2Security<S>;
diff --git a/tests/compat/migration.spec.ts b/tests/compat/migration.spec.ts
index e41bb34c6..c7077defc 100644
--- a/tests/compat/migration.spec.ts
+++ b/tests/compat/migration.spec.ts
@@ -3,6 +3,6 @@ import { readFile } from "node:fs/promises";
 describe("Migration", () => {
   test("should fix the import", async () => {
     const fixed = await readFile("./sample.ts", "utf-8");
-    expect(fixed).toBe(`placeholder\n`);
+    expect(fixed).toBe(`const test: HeaderSecurity = {};\n`);
   });
 });
diff --git a/tests/compat/package.json b/tests/compat/package.json
index 0b55bc46a..fc6b1e04b 100644
--- a/tests/compat/package.json
+++ b/tests/compat/package.json
@@ -11,7 +11,7 @@
   },
   "scripts": {
     "preinstall": "rm -rf node_modules",
-    "pretest": "echo 'placeholder' > sample.ts",
+    "pretest": "echo 'const test: CustomHeaderSecurity = {};' > sample.ts",
     "test": "eslint --fix && vitest --run && rm sample.ts"
   }
 }
diff --git a/tests/unit/__snapshots__/documentation-helpers.spec.ts.snap b/tests/unit/__snapshots__/documentation-helpers.spec.ts.snap
index 885329595..fc14fd7d0 100644
--- a/tests/unit/__snapshots__/documentation-helpers.spec.ts.snap
+++ b/tests/unit/__snapshots__/documentation-helpers.spec.ts.snap
@@ -1013,7 +1013,7 @@ exports[`Documentation helpers > depictSecurity() > should depict OAuth2 Securit
 ]
 `;
 
-exports[`Documentation helpers > depictSecurity() > should handle Basic, Bearer and CustomHeader Securities 1`] = `
+exports[`Documentation helpers > depictSecurity() > should handle Basic, Bearer and Header Securities 1`] = `
 [
   [
     {
diff --git a/tests/unit/__snapshots__/migration.spec.ts.snap b/tests/unit/__snapshots__/migration.spec.ts.snap
index 09846c0bb..3fa49054d 100644
--- a/tests/unit/__snapshots__/migration.spec.ts.snap
+++ b/tests/unit/__snapshots__/migration.spec.ts.snap
@@ -8,7 +8,9 @@ exports[`Migration > should consist of one rule being the major version of the p
       "defaultOptions": [],
       "meta": {
         "fixable": "code",
-        "messages": {},
+        "messages": {
+          "change": "change {{ subject }} from {{ from }} to {{ to }}",
+        },
         "schema": [],
         "type": "problem",
       },
diff --git a/tests/unit/documentation-helpers.spec.ts b/tests/unit/documentation-helpers.spec.ts
index a2708c23a..05ccadf5f 100644
--- a/tests/unit/documentation-helpers.spec.ts
+++ b/tests/unit/documentation-helpers.spec.ts
@@ -816,7 +816,7 @@ describe("Documentation helpers", () => {
   });
 
   describe("depictSecurity()", () => {
-    test("should handle Basic, Bearer and CustomHeader Securities", () => {
+    test("should handle Basic, Bearer and Header Securities", () => {
       expect(
         depictSecurity([
           [{ type: "basic" }, { type: "bearer" }],
diff --git a/tests/unit/index.spec.ts b/tests/unit/index.spec.ts
index 282f4d5e6..c7210df8c 100644
--- a/tests/unit/index.spec.ts
+++ b/tests/unit/index.spec.ts
@@ -9,7 +9,7 @@ import {
   BearerSecurity,
   CommonConfig,
   CookieSecurity,
-  CustomHeaderSecurity,
+  HeaderSecurity,
   Depicter,
   FlatObject,
   IOSchema,
@@ -74,7 +74,7 @@ describe("Index Entrypoint", () => {
       expectTypeOf<{
         type: "header";
         name: "some";
-      }>().toMatchTypeOf<CustomHeaderSecurity>();
+      }>().toMatchTypeOf<HeaderSecurity<string>>();
       expectTypeOf<{ type: "input"; name: "some" }>().toMatchTypeOf<
         InputSecurity<string>
       >();
diff --git a/tests/unit/migration.spec.ts b/tests/unit/migration.spec.ts
index 2a9d4ad15..e0d5cf7dd 100644
--- a/tests/unit/migration.spec.ts
+++ b/tests/unit/migration.spec.ts
@@ -1,17 +1,15 @@
 import { RuleTester } from "@typescript-eslint/rule-tester";
 import migration from "../../src/migration";
-// import parser from "@typescript-eslint/parser";
+import parser from "@typescript-eslint/parser";
 import { version } from "../../package.json";
 
 RuleTester.afterAll = afterAll;
 RuleTester.describe = describe;
 RuleTester.it = it;
 
-/*
 const tester = new RuleTester({
   languageOptions: { parser },
 });
-*/
 
 describe("Migration", () => {
   test("should consist of one rule being the major version of the package", () => {
@@ -19,10 +17,23 @@ describe("Migration", () => {
     expect(migration).toMatchSnapshot();
   });
 
-  /*
   tester.run("v23", migration.rules.v23, {
-    valid: [],
-    invalid: [],
+    valid: [`import { HeaderSecurity } from "express-zod-api";`],
+    invalid: [
+      {
+        code: `const security: CustomHeaderSecurity = {};`,
+        output: `const security: HeaderSecurity = {};`,
+        errors: [
+          {
+            messageId: "change",
+            data: {
+              subject: "interface",
+              from: "CustomHeaderSecurity",
+              to: "HeaderSecurity",
+            },
+          },
+        ],
+      },
+    ],
   });
-  */
 });