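---
# Traefik Middleware that adds browser security headers to responses from the
# WordPress site. A Middleware does nothing on its own: it applies only to
# routers that reference it (for example in an IngressRoute's `middlewares`
# list), so confirm every WordPress route, including wp-admin, lists it.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: wordpress-security-headers
  namespace: wordpress
spec:
  headers:
    customResponseHeaders:
      # Clickjacking defence: the site may not be rendered inside any frame.
      # NOTE(review): "DENY" also blocks same-origin framing. WordPress admin
      # screens that preview the site in an iframe (e.g. the Customizer) may
      # need "SAMEORIGIN" instead - verify before rollout.
      X-Frame-Options: "DENY"
      # Stops browsers from MIME-sniffing a response away from its declared
      # Content-Type (relevant for user-uploaded media).
      X-Content-Type-Options: "nosniff"
      # Was "1; mode=block". Current browsers have removed the XSS auditor,
      # and in legacy browsers the blocking mode introduced side-channel
      # issues of its own, so the header is now sent as "0" to switch the
      # auditor off explicitly. XSS mitigation should come from a
      # Content-Security-Policy, which this middleware does not set yet.
      X-XSS-Protection: "0"
      X-Powered-By: ""  # Removes the X-Powered-By header
    # HSTS (Strict-Transport-Security) is often configured at the IngressRoute
    # level or with a dedicated HSTS middleware.
    # For simplicity, I'm keeping it commented out here but it can be added if
    # needed. These keys belong directly under `headers`, not under
    # `customResponseHeaders`. Traefik only emits the header on TLS
    # connections unless forceSTSHeader is set. Enable stsPreload only once
    # every subdomain is served over HTTPS: preload-list entries are slow to
    # remove.
    # stsSeconds: 31536000  # 1 year
    # stsIncludeSubdomains: true
    # stsPreload: true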