http:
  middlewares:
    headers-policy-self:
      headers:
        contentSecurityPolicy: "script-src 'self'"
        referrerPolicy: "strict-origin-when-cross-origin"