From bcd1f4b9b24ab82fb4ae890d9d3142088810836f Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Sat, 17 Jan 2026 22:39:01 +0100
Subject: [PATCH] feat: add security headers middleware

Co-authored-by: aider (openai/qwen2.5-coder:32b) <aider@aider.chat>
---
 .../wordpress-security-headers-middleware.yaml      | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/virtualinsanity/wordpress-security-headers-middleware.yaml b/virtualinsanity/wordpress-security-headers-middleware.yaml
index c183c16..3998e02 100644
--- a/virtualinsanity/wordpress-security-headers-middleware.yaml
+++ b/virtualinsanity/wordpress-security-headers-middleware.yaml
@@ -11,3 +11,16 @@ spec:
       X-XSS-Protection: "1; mode=block"
       Referrer-Policy: no-referrer-when-downgrade
       Content-Security-Policy: default-src 'self'
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: wordpress-security-headers
+  namespace: wordpress
+spec:
+  headers:
+    customResponseHeaders:
+      X-Frame-Options: "SAMEORIGIN"
+      X-XSS-Protection: "1; mode=block"
+      X-Content-Type-Options: "nosniff"
+      Referrer-Policy: "no-referrer-when-downgrade"
+      Content-Security-Policy: "default-src 'self'; script-src 'self' https://*.google-analytics.com; object-src 'none'"