diff --git a/templates/docker-compose.nextcloud.yml.j2 b/templates/docker-compose.nextcloud.yml.j2
index e54b69c..d419b56 100644
--- a/templates/docker-compose.nextcloud.yml.j2
+++ b/templates/docker-compose.nextcloud.yml.j2
@@ -43,18 +43,17 @@ services:
       - "traefik.http.middlewares.nextcloud-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
       - "traefik.http.middlewares.nextcloud-rep.redirectregex.replacement=https://$$1/remote.php/dav/"
       - "traefik.http.middlewares.nextcloud-rep.redirectregex.permanent=true"
-      - "traefik.http.middlewares.nextcloud-header.headers.stsIncludeSubdomains=true"
-      - "traefik.http.middlewares.nextcloud-header.headers.stsSeconds=15552000"
-      - "traefik.http.routers.nextcloud.middlewares=nextcloud-rep,nextcloud-header"
-      - "traefik.frontend.headers.SSLRedirect=true"
-      - "traefik.frontend.headers.browserXSSFilter=true"
-      - "traefik.frontend.headers.contentTypeNosniff=true"
-      - "traefik.frontend.headers.forceSTSHeader=true"
-      - "traefik.frontend.headers.STSSeconds=315360000"
-      - "traefik.frontend.headers.STSIncludeSubdomains=true"
-      - "traefik.frontend.headers.STSPreload=true"
-      - "traefik.frontend.headers.frameDeny=true"
-      - "traefik.frontend.passHostHeader=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.SSLRedirect=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.browserXSSFilter=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.contentTypeNosniff=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.forceSTSHeader=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.STSSeconds=315360000"
+      - "traefik.http.middlewares.nextcloud-headers.headers.STSIncludeSubdomains=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.STSPreload=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.featurePolicy=payment 'none'"
+      - "traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=SAMEORIGIN"
+      #- "traefik.http.middlewares.nextcloud-headers.headers.contentSecurityPolicy=default-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content"
+      - "traefik.http.routers.nextcloud.middlewares=nextcloud-rep,nextcloud-headers"
 {% if nextcloud_enable_restic_compose_backup %}
       - "restic-compose-backup.volumes=true"
       - "restic-compose-backup.volumes.include=nextcloud"