diff --git a/config.example.yml b/config.example.yml
index a2b0225..a7aefba 100644
--- a/config.example.yml
+++ b/config.example.yml
@@ -38,19 +38,34 @@ entrypoint:
 # Below define an example of middleware config
- # 1. block non local IP connections
- # 2. redirect HTTP to HTTPS
+ # 1. set security headers
+ # 2. block non local IP connections
+ # 3. redirect HTTP to HTTPS
 #
- # middlewares:
- # - use: CIDRWhitelist
- # allow:
- # - "127.0.0.1"
- # - "10.0.0.0/8"
- # - "172.16.0.0/12"
- # - "192.168.0.0/16"
- # status: 403
- # message: "Forbidden"
- # - use: RedirectHTTP
+ middlewares:
+ - use: CloudflareRealIP
+ - use: ModifyResponse
+ set_headers:
+ Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
+ Access-Control-Allow-Headers: "*"
+ Access-Control-Allow-Origin: "*"
+ Access-Control-Max-Age: 180
+ Vary: "*"
+ X-XSS-Protection: 1; mode=block
+ Content-Security-Policy: "object-src 'self'; frame-ancestors 'self';"
+ X-Content-Type-Options: nosniff
+ X-Frame-Options: SAMEORIGIN
+ Referrer-Policy: same-origin
+ Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+ # - use: CIDRWhitelist
+ # allow:
+ # - "127.0.0.1"
+ # - "10.0.0.0/8"
+ # - "172.16.0.0/12"
+ # - "192.168.0.0/16"
+ # status: 403
+ # message: "Forbidden"
+ # - use: RedirectHTTP
 # below enables access log
 access_log:
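Review bot: The `ModifyResponse` block is introduced as "set security headers", but `Access-Control-Allow-Origin: "*"`, `Access-Control-Allow-Headers: "*"` and the allow-all `Access-Control-Allow-Methods` list relax the same-origin policy for every route behind the entrypoint, so any web page open in a user's browser can read responses from proxied apps that rely on network location rather than cookies for access control. I would drop the three CORS lines from the example, or ship them commented out under `# only for APIs that are meant to be public`, and keep only the hardening headers active. `Strict-Transport-Security: max-age=63072000; includeSubDomains; preload` is also a heavy default for a copy-and-paste example while `RedirectHTTP` stays commented out; `Strict-Transport-Security: max-age=31536000` without `preload` is easier to back out of. Since `middlewares:` is now live rather than commented, a comment above `- use: CloudflareRealIP` saying to enable it only when the proxy is actually reached through Cloudflare would help, assuming the middleware takes the client address from Cloudflare's header.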