diff --git a/setup/start/nginx/appconfig.ejs b/setup/start/nginx/appconfig.ejs index be0249d7d..c8bd2a138 100644 --- a/setup/start/nginx/appconfig.ejs +++ b/setup/start/nginx/appconfig.ejs @@ -32,14 +32,19 @@ server { # https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options add_header X-Frame-Options "<%= xFrameOptions %>"; + proxy_hide_header X-Frame-Options; # https://github.com/twitter/secureheaders # https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Compatibility_Matrix # https://wiki.mozilla.org/Security/Guidelines/Web_Security add_header X-XSS-Protection "1; mode=block"; + proxy_hide_header X-XSS-Protection; add_header X-Download-Options "noopen"; + proxy_hide_header X-Download-Options; add_header X-Content-Type-Options "nosniff"; + proxy_hide_header X-Content-Type-Options; add_header X-Permitted-Cross-Domain-Policies "none"; + proxy_hide_header X-Permitted-Cross-Domain-Policies; proxy_http_version 1.1; proxy_intercept_errors on; @@ -134,4 +139,3 @@ server { <% } %> } } -
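Review bot: The new `proxy_hide_header` lines drop the upstream's copy of each header on every response, but the paired `add_header` directives have no `always` flag and so only re-add the header on 2xx/3xx statuses, which leaves 4xx/5xx responses (whether passed through or handled via `proxy_intercept_errors`) with none of X-Frame-Options, X-Content-Type-Options, etc. — arguably weaker than the duplicate-header situation this commit fixes. Add `always` to each of the five, e.g. `add_header X-Frame-Options "<%= xFrameOptions %>" always;` (requires nginx 1.7.5 or later). Note also that nginx inherits `add_header` and `proxy_hide_header` from the `server` level only into a `location` that declares none of its own, so if any location rendered inside this server (the `<% } %>` in the second hunk suggests the template emits several) sets even one header, this whole set is silently lost for it; a comment above the block such as `# add_header/proxy_hide_header are NOT inherited into locations that define their own — keep any location-level set complete` would document that trap. The `server { … }` block these directives belong to begins before and ends after this hunk.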