Hi, thank you very much Zespri for taking the time to answer make some tests 
About the security headers (browserXssFilter...) i have done different tests with Traefik container itself using Firefox or curl but never saw them (headers) in the http answer. thank you as well to confirm that in your tests you had the same behavior.
Concerning the whitelist middleware, again, thank you because i now understand how they work (block anything but). I know that i can use multiple source ranges but in my use case i would have been really useful if mixing multiple whitelist middllewares work like this : block everything but allow [A (from middleware1) or B (from middleware2) or C(from middleware3)] .
In fact i manage more than 30 networks with different categories of people and depending the network i would allow or not access to services (behind Traefik) we provide. I wanted to use whitelist middlewares as if i go to shopping , service S1 must be accessible from Network N1, N8 and N30 for example, hope you understand what i mean because i am not (at al)l fluent in English.
Again thank you very much Zespri. Hope someone from traefik team can check the problem with the security headers i mentioned not passed to the answer.
Have an nice day.
Regards,
Alexandre