diff --git a/index.js b/index.js
index 4a1bc1b2..e74fed10 100644
--- a/index.js
+++ b/index.js
@@ -1,49 +1,13 @@
 
-var pkg = require('./package'),
-    app = require('express')();
+var app = require('express')();
 
 /** ----------------------- middleware ----------------------- **/
 
-// generic headers
-app.use(function(req, res, next){
-  res.header('Charset','utf8');
-  res.header('Access-Control-Allow-Origin', '*');
-  res.header('Access-Control-Allow-Methods', 'GET');
-  res.header('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
-  res.header('Access-Control-Allow-Credentials', true);
-  res.header('Server', 'Pelias/'+pkg.version);
-  res.header('X-Powered-By', 'mapzen');
-  next();
-});
-
-// jsonp middleware
-// override json() to handle jsonp
-app.use(function(req, res, next){
-
-  res._json = res.json;
-  res.json = function( data ){
-
-    // jsonp
-    if( req.query && req.query.callback ){
-      res.header('Content-type','application/javascript');
-      return res.send( req.query.callback + '('+ JSON.stringify( data ) + ');' );
-    }
-
-    // regular json
-    res.header('Content-type','application/json');
-    return res._json( data );
-  };
-
-  next();
-});
-
-// enable client-side caching of 60s by default
-app.use(function(req, res, next){
-  res.header('Cache-Control','public,max-age=60');
-  next();
-});
-
-/** ----------------------- Routes ----------------------- **/
+app.use( require('./middleware/headers') );
+app.use( require('./middleware/cors') );
+app.use( require('./middleware/jsonp') );
+
+/** ----------------------- routes ----------------------- **/
 
 // api root
 app.get( '/', require('./controller/index') );
@@ -53,7 +17,6 @@ app.get( '/suggest', require('./sanitiser/suggest'), require('./controller/sugge
 
 /** ----------------------- error middleware ----------------------- **/
 
-// handle application errors
 app.use( require('./middleware/404') );
 app.use( require('./middleware/500') );
 
diff --git a/middleware/cors.js b/middleware/cors.js
new file mode 100644
index 00000000..257bef4b
--- /dev/null
+++ b/middleware/cors.js
@@ -0,0 +1,10 @@
+
+function middleware(req, res, next){
+  res.header('Access-Control-Allow-Origin', '*');
+  res.header('Access-Control-Allow-Methods', 'GET');
+  res.header('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
+  res.header('Access-Control-Allow-Credentials', true);
+  next();
+}
+
+module.exports = middleware;
\ No newline at end of file
diff --git a/middleware/headers.js b/middleware/headers.js
new file mode 100644
index 00000000..4b40dd21
--- /dev/null
+++ b/middleware/headers.js
@@ -0,0 +1,12 @@
+
+var pkg = require('../package');
+
+function middleware(req, res, next){
+  res.header('Charset','utf8');
+  res.header('Cache-Control','public,max-age=60');
+  res.header('Server', 'Pelias/'+pkg.version);
+  res.header('X-Powered-By', 'mapzen');
+  next();
+}
+
+module.exports = middleware;
\ No newline at end of file
diff --git a/middleware/jsonp.js b/middleware/jsonp.js
new file mode 100644
index 00000000..1a54716e
--- /dev/null
+++ b/middleware/jsonp.js
@@ -0,0 +1,24 @@
+
+function middleware(req, res, next){
+
+  // store old json function
+  var json = res.json.bind(res);
+
+  // replace with jsonp aware function
+  res.json = function( data ){
+
+    // jsonp
+    if( req.query && req.query.callback ){
+      res.header('Content-type','application/javascript');
+      return res.send( req.query.callback + '('+ JSON.stringify( data ) + ');' );
+    }
+
+    // regular json
+    res.header('Content-type','application/json');
+    return json( data );
+  };
+
+  next();
+}
+
+module.exports = middleware;
\ No newline at end of file