first commit

02-traefik-middleware.yaml

@@ -0,0 +1,17 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: wordpress-security-headers
+  namespace: wordpress
+spec:
+  headers:
+    customResponseHeaders:
+      X-Frame-Options: "DENY"
+      X-Content-Type-Options: "nosniff"
+      X-XSS-Protection: "1; mode=block"
+      X-Powered-By: "" # Removes the X-Powered-By header
+    # HSTS (Strict-Transport-Security) is often configured at the IngressRoute level or with a dedicated HSTS middleware.
+    # For simplicity, I'm keeping it commented out here but it can be added if needed.
+    # stsSeconds: 31536000 # 1 year
+    # stsIncludeSubdomains: true
+    # stsPreload: true