diff --git a/clusters/titan.lan.huizinga.dev/traefik/default-headers.yaml b/clusters/titan.lan.huizinga.dev/traefik/default-headers.yaml
new file mode 100644
index 0000000..846e631
--- /dev/null
+++ b/clusters/titan.lan.huizinga.dev/traefik/default-headers.yaml
@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: default-headers
+  namespace: default
+spec:
+  headers:
+    browserXssFilter: true
+    contentTypeNosniff: true
+    forceSTSHeader: true
+    stsIncludeSubdomains: true
+    stsPreload: true
+    stsSeconds: 15552000
+    customFrameOptionsValue: SAMEORIGIN
+    customRequestHeaders:
+      X-Forwarded-Proto: https
diff --git a/clusters/titan.lan.huizinga.dev/traefik/kustomization.yaml b/clusters/titan.lan.huizinga.dev/traefik/kustomization.yaml
index bfba64e..fdc9852 100644
--- a/clusters/titan.lan.huizinga.dev/traefik/kustomization.yaml
+++ b/clusters/titan.lan.huizinga.dev/traefik/kustomization.yaml
@@ -4,3 +4,4 @@ resources:
   - namespace.yaml
   - helmrepo.yaml
   - traefik.yaml
+  - default-headers.yaml