Security Headers Traefik #142
whenthelight started this conversation in General
Replies: 0 comments
Hey, due to a security check, I realize that there should be more security headers active in the Traefik config. Max setting to get a min A rating for now, example dynamic conf. What do you think of this extra sec option?:
```yaml
http:
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https

    cors:
      headers:
        accessControlAllowMethods:
          - GET
          - PUT
          - POST
          - DELETE
          - PATCH
        accessControlAllowHeaders:
          - Content-Type
          - X-CSRF-Token
        accessControlAllowOriginList:
          - https://pangolin.yourdomain.example
        accessControlAllowCredentials: false

    # New security middlewares
    default-security-headers:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        # customFrameOptionsValue below overrides frameDeny, so X-Frame-Options ends up as SAMEORIGIN
        frameDeny: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: "SAMEORIGIN"
        # Traefik does not substitute {RANDOM}; a per-response nonce has to come from the application
        contentSecurityPolicy: "default-src 'self'; script-src 'self' 'nonce-{RANDOM}'; style-src 'self'; img-src 'self' data: https:; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'"
        referrerPolicy: "strict-origin-when-cross-origin"
        permissionsPolicy: "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()"

    gzip:
      compress: {}

    # Chain middleware for combined security
    security-chain:
      chain:
        middlewares:
          - default-security-headers
          - gzip
          - cors

  routers:
    main-app-router-redirect:
      rule: "Host(`pangolin.yourdomain.example`)"
      service: next-service
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
        # cors is also part of security-chain, so it is applied twice on these routers
        - cors
        - security-chain

    next-router:
      rule: "Host(`pangolin.yourdomain.example`) && !PathPrefix(`/api/v1`)"
      service: next-service
      entryPoints:
        - websecure
      middlewares:
        - cors
        - security-chain
      tls:
        certResolver: letsencrypt
        domains:
          - main: example.com
            sans:
              - '*.example.com'

    api-router:
      rule: "Host(`pangolin.yourdomain.example`) && PathPrefix(`/api/v1`)"
      service: api-service
      entryPoints:
        - websecure
      middlewares:
        - cors
        - security-chain
      tls:
        certResolver: letsencrypt

    ws-router:
      rule: "Host(`pangolin.yourdomain.example`)"
      service: api-service
      entryPoints:
        - websecure
      middlewares:
        - cors
        - security-chain
      tls:
        certResolver: letsencrypt

  services:
    next-service:
      loadBalancer:
        servers:
          - url: http://pangolin:3002
    api-service:
      loadBalancer:
        servers:
          - url: http://pangolin:3000
```
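To confirm that the headers middleware above actually reaches the browser (and to catch the `{RANDOM}` nonce placeholder shipping unsubstituted), here is an added Python check that is not part of this post or of Traefik; it audits a response header set against the values in the config, the sample headers are constructed, and the URL fetch is an assumed way to pull live headers.

```python
import sys
import urllib.request

MIN_HSTS_SECONDS = 31536000  # one year, the stsSeconds value in the config above

def parse_hsts(value):
    """Return (max_age, includeSubDomains, preload) parsed from an HSTS header value."""
    max_age, subs, preload = 0, False, False
    for part in value.split(";"):
        part = part.strip().lower()
        if part.startswith("max-age=") and part[8:].isdigit():
            max_age = int(part[8:])
        elif part == "includesubdomains":
            subs = True
        elif part == "preload":
            preload = True
    return max_age, subs, preload

def audit_headers(headers):
    """Map each expected protection to True (present as configured) or False."""
    h = {k.lower(): v for k, v in headers.items()}
    max_age, subs, preload = parse_hsts(h.get("strict-transport-security", ""))
    csp = h.get("content-security-policy", "")
    return {
        "hsts": max_age >= MIN_HSTS_SECONDS and subs and preload,
        "nosniff": h.get("x-content-type-options", "").lower() == "nosniff",
        "frame-options": h.get("x-frame-options", "").upper() in ("DENY", "SAMEORIGIN"),
        "csp-frame-ancestors": "frame-ancestors" in csp,
        # Traefik does not generate nonces: a literal {RANDOM} means the placeholder shipped as-is
        "csp-nonce-substituted": "{RANDOM}" not in csp,
        "referrer-policy": h.get("referrer-policy", "") == "strict-origin-when-cross-origin",
        "permissions-policy": "permissions-policy" in h,
    }

def audit_url(url):
    # Assumed usage: fetch the page and audit the headers the proxy actually sent
    with urllib.request.urlopen(url) as resp:
        return audit_headers(dict(resp.headers))

# Constructed sample: the headers the middleware above would emit, placeholder included
SAMPLE = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-{RANDOM}'; frame-ancestors 'self'",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=()",
}

if __name__ == "__main__":
    print(audit_url(sys.argv[1]) if len(sys.argv) > 1 else audit_headers(SAMPLE))
```

Run it with your own URL as the first argument to audit a live deployment; without an argument it audits the constructed sample, where every check passes except `csp-nonce-substituted`.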