# Excluding password

The next issue is extremely easy to solve. In order to avoid sending the password in the response, we just need to perform two simple steps.

In fact, the first step has already been performed, which would be to enable the <mark style="color:blue;">`ClassSerializerInterceptor`</mark> globally. We did this when we used the <mark style="color:blue;">`@Expose()`</mark> decorator for the first time.

So, all that's left to do is to go back to the <mark style="color:purple;">user.entity</mark> file and, over the <mark style="color:blue;">`password`</mark> field, use the <mark style="color:blue;">`@Exclude()`</mark> decorator. Now, this field is not sent in the response anymore.

<mark style="color:green;">**Commit**</mark> - Excluding password from response