http:
  middlewares:
    headers-policy-domain:
      headers:
        customFrameOptionsValue: "ALLOW-FROM https://example.net"
        contentsecuritypolicy: "frame-ancestors 'self' example.net *.example.net"
        referrerpolicy: "strict-origin-when-cross-origin"