diff --git a/docker-compose.yml b/docker-compose.yml
index 995e18c..1e9f6f3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -21,11 +21,23 @@ services:
       - "traefik.http.routers.musica-nucleoriofrio.entrypoints=websecure"
       - "traefik.http.routers.musica-nucleoriofrio.tls.certresolver=letsencrypt"
 
-      # Middlewares: Authentik + headers + body-size
-      - "traefik.http.routers.musica-nucleoriofrio.middlewares=authentik-forward-auth@file,musica-headers@file,musica-body-size@file"
+      # Middlewares (orden: auth -> headers -> body-size)
+      - "traefik.http.routers.musica-nucleoriofrio.middlewares=authentik-forward-auth@file,musica-headers,musica-body-size"
+
+      # Middleware: Headers personalizados
+      - "traefik.http.middlewares.musica-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.middlewares.musica-headers.headers.customrequestheaders.X-Forwarded-Scheme=https"
+      - "traefik.http.middlewares.musica-headers.headers.customresponseheaders.X-Frame-Options=SAMEORIGIN"
+      - "traefik.http.middlewares.musica-headers.headers.customresponseheaders.X-Content-Type-Options=nosniff"
+      - "traefik.http.middlewares.musica-headers.headers.customresponseheaders.X-XSS-Protection=1; mode=block"
+      - "traefik.http.middlewares.musica-headers.headers.customresponseheaders.Cache-Control=public, max-age=3600"
+
+      # Middleware: Tamaño máximo de body (100MB para subir archivos)
+      - "traefik.http.middlewares.musica-body-size.buffering.maxrequestbodybytes=104857600"
 
       # Service
       - "traefik.http.services.musica-nucleoriofrio-service.loadbalancer.server.port=3000"
+      - "traefik.http.services.musica-nucleoriofrio-service.loadbalancer.passhostheader=true"
 
 networks:
   principal: