diff --git a/docker-compose.yml b/docker-compose.yml
index 13731e5..e06464d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -15,6 +15,7 @@ services:
 - ./traefik:/etc/traefik:ro
 - configtraefik:/config:ro
 environment:
+ - TRAEFIK_DOMAIN=${TRAEFIK_DOMAIN}
 - TZ=${TZ}
 labels:
 - "traefik.enable=true"
diff --git a/traefik/custom/middlewares.yaml b/traefik/custom/middlewares.yaml
index ceff042..3c400fe 100644
--- a/traefik/custom/middlewares.yaml
+++ b/traefik/custom/middlewares.yaml
@@ -5,9 +5,18 @@ http:
 usersFile: "/etc/traefik/http_auth"
 security-headers:
 headers:
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsSeconds: 31536000
+
+ sslRedirect: true
+ sslForceHost: true
+ sslHost: '{{env "TRAEFIK_DOMAIN"}}'
+
+ contentSecurityPolicy: "script-src 'self'; img-src 'self'"
+ referrerPolicy: "same-origin"
+ featurePolicy: "vibrate 'self'; geolocation 'self'; midi 'self'; notifications 'self'; push 'self'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'self'; fullscreen 'self'"
+
 frameDeny: true
 contentTypeNosniff: true
 browserXssFilter: true
- forceSTSHeader: true
- stsIncludeSubdomains: true
- stsSeconds: 31536000
\ No newline at end of file
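Review bot: The added `TRAEFIK_DOMAIN=${TRAEFIK_DOMAIN}` entry has no guard for an unset variable, so Compose substitutes an empty string and still starts the container. That value feeds `sslHost` in traefik/custom/middlewares.yaml, where `sslForceHost: true` would then presumably be applied with an empty host. Failing at startup is safer: `- TRAEFIK_DOMAIN=${TRAEFIK_DOMAIN:?TRAEFIK_DOMAIN must be set}`. The service definition this environment list belongs to starts above the hunk.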
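Review bot: The new `contentSecurityPolicy` constrains only `script-src` and `img-src` and sets no `default-src`, so styles, frames, objects, connections and `<base>` stay unrestricted for every router that uses `security-headers`. A tighter baseline would be `contentSecurityPolicy: "default-src 'self'; script-src 'self'; img-src 'self'; object-src 'none'; base-uri 'self'"`, checked against the services behind this middleware; which routers attach it is not visible in this hunk. In `featurePolicy`, `vibrate 'self'` is listed twice. Later Traefik v2 releases also mark `featurePolicy`, `sslRedirect`, `sslForceHost` and `sslHost` as deprecated, so it is worth confirming that the deployed version still honours them.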