[tls.options] [tls.options.tls12] minVersion = "VersionTLS12" cipherSuites = [ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256" ] curvePreferences = ["CurveP521","CurveP384"] [http] [http.middlewares.hardening.headers] accessControlAllowOrigin = "origin-list-or-null" accessControlMaxAge = 100 addVaryHeader = true browserXssFilter = true contentTypeNosniff = true forceSTSHeader = true frameDeny = true stsIncludeSubdomains = true stsPreload = true customFrameOptionsValue = "SAMEORIGIN" referrerPolicy = "same-origin" featurePolicy = "vibrate 'self'" stsSeconds = 315360000 [http.middlewares.compression.compress] excludedContentTypes = ["text/event-stream"]