diff --git a/docker-compose.yml.sample b/docker-compose.yml.sample
index 2c774fdfdd695e9702bb8b65a367a028549ab2e8..244c195e9ab095062bd641784cfbda652ca066b0 100644
--- a/docker-compose.yml.sample
+++ b/docker-compose.yml.sample
@@ -2,37 +2,43 @@ version: "3.3"
 
 services:
 
-  traefik:
-    image: "traefik:v2.3"
-    container_name: "traefik"
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes:
-      - "./letsencrypt:/letsencrypt"
-      - "/var/run/docker.sock:/var/run/docker.sock:ro"
-      - "./traefik.toml:/etc/traefik/traefik.toml"
-      - "./config:/config"
-      - "./acme.json:/acme.json"
-      - "./log:/var/log"
-    networks:
-      - traefik
-    restart: always
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=traefik"
-      - "traefik.http.routers.traefikapi.rule=Host(`${HOST}`)"
-      - "traefik.http.routers.traefikapi.service=api@internal"
-      - "traefik.http.routers.traefikapi.tls.certresolver=myresolver"
-      - "traefik.http.routers.traefikapi.entrypoints=web,websecure"
-      - "traefik.http.routers.traefikapi.middlewares=traefikapi@docker" # uncomment me ,auth"
-        # uncomment me - "traefik.http.middlewares.auth.basicauth.users=user:htpassword with $ doubled and final ."
-      - "traefik.http.middlewares.traefikapi.headers.forceSTSHeader=true"
-      - "traefik.http.middlewares.traefikapi.headers.stsIncludeSubdomains=true"
-      - "traefik.http.middlewares.traefikapi.headers.stsSeconds=31536000"
+traefik:
+image: "traefik:v2.3"
+container_name: "traefik"
+ports:
+- "80:80"
+- "443:443"
+volumes:
+- "./letsencrypt:/letsencrypt"
+- "/var/run/docker.sock:/var/run/docker.sock:ro"
+- "./traefik.toml:/etc/traefik/traefik.toml"
+- "./config:/config"
+- "./acme.json:/acme.json"
+- "./log:/var/log"
+networks:
+- traefik
+restart: always
+labels:
+- "traefik.enable=true"
+- "traefik.docker.network=traefik"
+- "traefik.http.routers.traefikapi.rule=Host(`${HOST}`)"
+- "traefik.http.routers.traefikapi.service=api@internal"
+- "traefik.http.routers.traefikapi.tls.certresolver=myresolver"
+- "traefik.http.routers.traefikapi.entrypoints=web,websecure"
+- "traefik.http.routers.traefikapi.middlewares=hardening@docker" # uncomment me ,auth"
+# uncomment me - "traefik.http.middlewares.auth.basicauth.users=user:htpassword with $ doubled and final ."
+- "traefik.http.middlewares.hardening.headers.sslredirect=true"
+- "traefik.http.middlewares.hardening.headers.forceSTSHeader=true"
+- "traefik.http.middlewares.hardening.headers.stsIncludeSubdomains=true"
+- "traefik.http.middlewares.hardening.headers.stsSeconds=15552000"
+- "traefik.http.middlewares.hardening.headers.stsPreload=true"
+- "traefik.http.middlewares.hardening.headers.referrerPolicy=no-referrer"
+- "traefik.http.middlewares.hardening.headers.customFrameOptionsValue=SAMEORIGIN"
+
+
 
 
 networks:
-    traefik:
-        external: true
+traefik:
+external: true