diff --git a/index.js b/index.js
index 0472242..a079192 100644
--- a/index.js
+++ b/index.js
@@ -1,2 +1 @@
 export {Server} from './lib/server.js'
-export * from './lib/constants.js'
diff --git a/lib/constants.js b/lib/constants.js
index db82b23..ad7243f 100644
--- a/lib/constants.js
+++ b/lib/constants.js
@@ -1,5 +1,5 @@
-/** @constant */
-export const DEFAULT_HEADERS = {
+/** @type {Readonly>} */
+export const securityHeaders = {
 /**
 * Ensures that the page can’t be displayed in a frame,
 * regardless of where the request came from.
@@ -51,7 +51,7 @@ export const DEFAULT_HEADERS = {
 *
 * @type {Readonly>}
 */
-export const REQUEST_HEADERS = new Map([
+export const defaultRequestHeaders = new Map([
 ['Accept', true],
 ['Accept-Charset', true],
 // No `Accept-Encoding` because images (other than from XML or SVG), don’t
@@ -74,7 +74,7 @@ export const REQUEST_HEADERS = new Map([
 *
 * @type {Readonly>}
 */
-export const RESPONSE_HEADERS = new Map([
+export const defaultResponseHeaders = new Map([
 // `Accept-Ranges` is used by Safari for byte range requests on video:
 ['Accept-Ranges', true],
 ['Cache-Control', true],
@@ -95,7 +95,7 @@ export const RESPONSE_HEADERS = new Map([
 *
 * @type {ReadonlyArray}
 */
-export const IMAGE_MIME_TYPES = [
+export const defaultMimeTypes = [
 'image/bmp',
 'image/cgm',
 'image/g3fax',
diff --git a/lib/safe-http-client.js b/lib/safe-http-client.js
index 409979c..3c70aee 100644
--- a/lib/safe-http-client.js
+++ b/lib/safe-http-client.js
@@ -3,7 +3,7 @@ import dns from 'node:dns/promises'
 import {fetch} from 'undici'
 import ipaddr from 'ipaddr.js'
-import {IMAGE_MIME_TYPES} from './constants.js'
+import {defaultMimeTypes} from './constants.js'
 export class HttpError extends Error {
 /**
@@ -97,7 +97,7 @@ export class SafeHttpClient {
 throw new HttpError(400, 'Empty content-type header')
 }
- if (!IMAGE_MIME_TYPES.includes(contentType)) {
+ if (!defaultMimeTypes.includes(contentType)) {
 throw new HttpError(400, 'Unsupported content-type returned')
 }
diff --git a/lib/server.js b/lib/server.js
index 0ddbbae..fc63d9a 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -8,9 +8,9 @@ import {Headers} from 'undici'
 import {SafeHttpClient, HttpError} from './safe-http-client.js'
 import {
- DEFAULT_HEADERS,
- REQUEST_HEADERS,
- RESPONSE_HEADERS
+ securityHeaders,
+ defaultRequestHeaders,
+ defaultResponseHeaders
 } from './constants.js'
 /**
@@ -121,8 +121,8 @@ export class Server extends EventEmitter {
 try {
 // TODO: respect forwarded headers (check if not private IP)
- const filterRequestHeaders = filterHeaders(REQUEST_HEADERS)
- const filterResponseHeaders = filterHeaders(RESPONSE_HEADERS)
+ const filterRequestHeaders = filterHeaders(defaultRequestHeaders)
+ const filterResponseHeaders = filterHeaders(defaultResponseHeaders)
 const client = new SafeHttpClient(this.config.maxSize)
 const {buffer, headers: resHeaders} = await client.safeFetch(validUrl, {
 // @ts-ignore we can convert req.headers to Headers
@@ -136,7 +136,7 @@ export class Server extends EventEmitter {
 })
 const headers = {
- ...DEFAULT_HEADERS,
+ ...securityHeaders,
 ...filterResponseHeaders(resHeaders),
 Via: this.config.serverName
 }
@@ -193,7 +193,7 @@ export class Server extends EventEmitter {
 * @param {Record} [headers]
 * @private
 */
- write(res, status, body, headers = DEFAULT_HEADERS) {
+ write(res, status, body, headers = securityHeaders) {
 if (status !== 204) {
 // @ts-expect-error not explicitly typed but possible
 headers['Content-Length'] = Buffer.byteLength(body, 'utf8')
diff --git a/package.json b/package.json
index de93116..c4d9215 100644
--- a/package.json
+++ b/package.json
@@ -28,7 +28,8 @@
 "index.js"
 ],
 "scripts": {
- "build": "tsc --build --clean && tsc --build",
+ "build": "npm run build:clean && tsc --build",
+ "build-clean": "tsc --build --clean",
 "format": "remark . -qfo && prettier . -w --log-level warn",
 "test": "npm run build && npm run format && npm run test-api",
 "test-api": "node --test test.js"
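Review bot: In the `@@ -193,7 +193,7 @@` hunk of lib/server.js, `write()` defaults `headers` to the shared module-level `securityHeaders` object and then assigns `headers['Content-Length']` on it, so the first call without explicit headers mutates the constant this commit annotates as `Readonly` (hence the `@ts-expect-error`). Every later default `write()` and the `...securityHeaders` spread in the `@@ -136,7 +136,7 @@` hunk then start from an object that carries a stale `Content-Length`; if the filtered upstream headers do not overwrite that exact key, a proxied response could presumably declare a length that does not match its body. Take a copy per call instead, e.g. `write(res, status, body, headers = {...securityHeaders}) {`, and consider `Object.freeze` on the constant so a future mutation fails loudly. The rest of `write()` lies outside the hunk, so how `headers` is used after the assignment is not visible here.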
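Review bot: In the package.json hunk the new `build` script runs `npm run build:clean`, but the script added on the following line is named `build-clean`, so `npm run build` would stop with a missing-script error and `npm test`, which begins with `npm run build`, would fail with it. Make the two names agree, e.g. `"build": "npm run build-clean && tsc --build",`, which also matches the hyphenated `test-api` name already in this block.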
diff --git a/test.js b/test.js
index ae0bd42..53dca83 100644
--- a/test.js
+++ b/test.js
@@ -7,7 +7,7 @@ import {MockAgent, setGlobalDispatcher, fetch} from 'undici'
 // TODO: use published version of this plugin
 import {camo} from './rehype-github-image/camo.js'
 import {Server} from './index.js'
-import {DEFAULT_HEADERS} from './lib/constants.js'
+import {securityHeaders} from './lib/constants.js'
 const host = '127.0.0.1'
 const port = 1080
@@ -44,7 +44,7 @@ function closeTestServer(server) {
 /** @param {import('undici').Response} res */
 function testDefaultHeaders(res) {
- Object.keys(DEFAULT_HEADERS).forEach((key) => {
+ Object.keys(securityHeaders).forEach((key) => {
 assert.ok(res.headers.has(key), key)
 })
 }