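####################
# - Default Middlewares
####################
# Traefik dynamic configuration. Routers that attach the "default" chain get
# every middleware listed here, applied in list order.
[http.middlewares.default.chain]
middlewares = [
    "default-security-headers",
]

####################
# - Middleware: Default Security Headers
####################
# Response-hardening headers. None of these replace a Content-Security-Policy,
# which this middleware does not set.
[http.middlewares.default-security-headers.headers]
# X-XSS-Protection: 1; mode=block. Legacy header: current browsers have removed
# their XSS filters and ignore it, so it gives no protection on its own.
browserXssFilter = true
contentTypeNosniff = true  # X-Content-Type-Options: nosniff
# Send Strict-Transport-Security even when the proxy sees the connection as
# plain HTTP. Browsers only honour STS received over HTTPS, so this matters
# mainly when TLS is terminated in front of this proxy.
forceSTSHeader = true
frameDeny = true  # X-Frame-Options: DENY (clickjacking protection)
referrerPolicy = "strict-origin-when-cross-origin"
# Permit HTTPS only; plain-HTTP requests are redirected.
# NOTE(review): sslRedirect is deprecated since Traefik v2.5 and removed in v3,
# where the HTTP->HTTPS redirect is configured on the entry point or with a
# redirectScheme middleware instead. Confirm the Traefik version in use; if the
# option is not honoured, check that plain HTTP is still redirected elsewhere.
sslRedirect = true
# STS policy: max-age of 2 years, applied to all subdomains, with the preload
# flag. includeSubDomains plus preload is a long-lived commitment: every
# subdomain must serve valid HTTPS, and removal from browser preload lists is
# slow. Verify subdomain coverage before relying on these settings.
stsIncludeSubdomains = true
stsPreload = true
stsSeconds = 63072000  # seconds (2 years)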