http:
  middlewares:
    headers-policy-self:
      headers:
        contentsecuritypolicy: "script-src 'self'"
        referrerpolicy: "strict-origin-when-cross-origin"