http:
  middlewares:
    security:
      headers:
        frameDeny: true
        contentTypeNosniff: true
        browserXssFilter: true
        referrerPolicy: no-referrer-when-downgrade
        stsSeconds: 31536000
        stsIncludeSubdomains: true
        stsPreload: true