security headers are being sent from passbolt application

conf/passbolt.conf

@@ -13,18 +13,6 @@ server {
 
   root /var/www/passbolt;
 
-  # X-Frame-Options is to prevent from clickJacking attack
-  add_header X-Frame-Options SAMEORIGIN;
-
-  #  disable content-type sniffing on some browsers.
-  add_header X-Content-Type-Options nosniff;
-
-  # This header enables the Cross-site scripting (XSS) filter
-  add_header X-XSS-Protection "1; mode=block";
-
-  # This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
-  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
-
   location / {
     try_files $uri $uri/ /index.php?$args;
     index index.php;
@@ -58,25 +46,9 @@ server {
   ssl_prefer_server_ciphers on;
   ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
   ssl_session_tickets off;
-  add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
-  add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
-  add_header X-Frame-Options DENY;
-  add_header X-Content-Type-Options nosniff;
 
   root /var/www/passbolt;
 
-  # X-Frame-Options is to prevent from clickJacking attack
-  add_header X-Frame-Options SAMEORIGIN;
-
-  #  disable content-type sniffing on some browsers.
-  add_header X-Content-Type-Options nosniff;
-
-  # This header enables the Cross-site scripting (XSS) filter
-  add_header X-XSS-Protection "1; mode=block";
-
-  # This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
-  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
-
   location / {
     try_files $uri $uri/ /index.php?$args;
     index index.php;