diff --git a/pica-traefik/traefik_dynamic.toml b/pica-traefik/traefik_dynamic.toml
index e13177a..d6c41b4 100644
--- a/pica-traefik/traefik_dynamic.toml
+++ b/pica-traefik/traefik_dynamic.toml
@@ -12,7 +12,6 @@
 
 [http]
   [http.middlewares.hardening.headers]
-    addVaryHeader = true
     browserXssFilter = true
     contentTypeNosniff = true
     forceSTSHeader = true
@@ -26,3 +25,10 @@
 
   [http.middlewares.compression.compress]
     excludedContentTypes = ["text/event-stream"]
+
+  [http.middlewares.allowFrameAndCORS.headers]
+    contentSecurityPolicy = "frame-ancestors *"
+    accessControlAllowHeaders = ["*"]
+    accessControlAllowMethods = ["GET", "POST", "OPTIONS"]
+    accessControlAllowOriginList = ["*"]
+    accessControlExposeHeaders = ["*"]