diff --git a/src/middleware.ts b/src/middleware.ts
new file mode 100644
index 0000000..96ecb35
--- /dev/null
+++ b/src/middleware.ts
@@ -0,0 +1,42 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+export function middleware(request: NextRequest) {
+ const response = NextResponse.next();
+
+ // Set caching headers for static assets
+ if (request.nextUrl.pathname.startsWith('/images/') ||
+ request.nextUrl.pathname.startsWith('/fonts/') ||
+ request.nextUrl.pathname.match(/\.(js|css|woff|woff2)$/)) {
+ response.headers.set('Cache-Control', 'public, max-age=31536000, immutable');
+ }
+ // Set caching for HTML pages
+ else if (request.nextUrl.pathname.match(/\/$/) || request.nextUrl.pathname.match(/\.html$/)) {
+ response.headers.set('Cache-Control', 'public, max-age=3600, s-maxage=86400');
+ }
+ // Default caching for dynamic content
+ else {
+ response.headers.set('Cache-Control', 'public, max-age=60, s-maxage=300');
+ }
+
+ // Set security headers
+ response.headers.set('X-Content-Type-Options', 'nosniff');
+ response.headers.set('X-Frame-Options', 'SAMEORIGIN');
+ response.headers.set('X-XSS-Protection', '1; mode=block');
+ response.headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');
+
+ return response;
+}
+
+export const config = {
+ matcher: [
+ /*
+ * Match all request paths except for the ones starting with:
+ * - api (API routes)
+ * - _next/static (static files)
+ * - _next/image (image optimization files)
+ * - favicon.ico (favicon file)
+ * - public (public folder)
+ */
+ '/((?!api|_next/static|_next/image|favicon.ico|public).*)',
+ ],
+};
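Review bot: The default branch marks every non-static response as `public, max-age=60, s-maxage=300`, and the matcher only excludes `api`, `_next/static`, `_next/image`, `favicon.ico` and `public`, so any page under it that renders per-user or session-dependent content could be stored by a shared cache and served to a different visitor. Unless every route covered by this matcher is known to be anonymous, the safer default is `response.headers.set('Cache-Control', 'private, no-store');`, with specific public routes opted into shared caching. The static-asset branch has a related weakness: it applies the one-year `immutable` policy on the path suffix alone (`/\.(js|css|woff|woff2)$/`), so a dynamic route that tolerates a trailing `.css` or `.js` segment would inherit it; limiting that branch to known asset prefixes avoids this. Separately, `X-XSS-Protection: 1; mode=block` is a legacy header that current browsers ignore, and the usual recommendation is to set it to `'0'` or drop it in favour of a `Content-Security-Policy` header, which this middleware does not set.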