diff --git a/config/docker/nginx.conf b/config/docker/nginx.conf
index 8db49546..9c529346 100644
--- a/config/docker/nginx.conf
+++ b/config/docker/nginx.conf
@@ -25,8 +25,7 @@ http {
           add_header 'X-Frame-Options' 'deny always';
           add_header 'X-XSS-Protection' '"1; mode=block" always';
           add_header 'X-Content-Type-Options' 'nosniff always';
-          add_header 'Content-Security-Policy' '"default-src \'none\'" always';
-          add_header 'Referrer-Policy' 'strict-origin-when-cross-origin always';
+          add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
 
           # Set access control header
           add_header 'Access-Control-Allow-Origin' '*';
@@ -48,8 +47,7 @@ http {
           add_header 'X-Frame-Options' 'deny always';
           add_header 'X-XSS-Protection' '"1; mode=block" always';
           add_header 'X-Content-Type-Options' 'nosniff always';
-          add_header 'Content-Security-Policy' '"default-src \'none\'" always';
-          add_header 'Referrer-Policy' 'strict-origin-when-cross-origin always';
+          add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
 
           # Set access control header
           add_header 'Access-Control-Allow-Origin' '*';
@@ -61,8 +59,7 @@ http {
           add_header 'X-Frame-Options' 'deny always';
           add_header 'X-XSS-Protection' '"1; mode=block" always';
           add_header 'X-Content-Type-Options' 'nosniff always';
-          add_header 'Content-Security-Policy' '"default-src \'none\'" always';
-          add_header 'Referrer-Policy' 'strict-origin-when-cross-origin always';
+          add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
 
           # Set access control header
           add_header 'Access-Control-Allow-Origin' '*';