diff --git a/ansible/roles/traefik/files/file-provider-main.yml b/ansible/roles/traefik/files/file-provider-main.yml
index 131be53..82cc6b4 100644
--- a/ansible/roles/traefik/files/file-provider-main.yml
+++ b/ansible/roles/traefik/files/file-provider-main.yml
@@ -3,6 +3,14 @@ http:
     compress:
       compress: {}
 
+    secure-headers:
+      headers:
+        stsSeconds: 2592000
+        contentTypeNosniff: true
+        browserXssFilter: true
+        customResponseHeaders:
+          Server: ''
+
     # https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
     floc-block:
       headers:
diff --git a/ansible/roles/traefik/files/traefik.yml b/ansible/roles/traefik/files/traefik.yml
index 8005792..239900f 100644
--- a/ansible/roles/traefik/files/traefik.yml
+++ b/ansible/roles/traefik/files/traefik.yml
@@ -17,6 +17,7 @@ entryPoints:
       middlewares:
         - floc-block@file
         - compress@file
+        - secure-headers@file
       tls:
         certResolver: le
         domains: