Why dont we encrypt the response and then decrypt in the front-end and set the Crypt Key in the .env . That way we wouldnt have to be worried on who can see the response