diff --git a/deploy/docker/nginx_http_only.conf b/deploy/docker/nginx_http_only.conf
index a4647763..44294c5f 100644
--- a/deploy/docker/nginx_http_only.conf
+++ b/deploy/docker/nginx_http_only.conf
@@ -6,26 +6,6 @@ server {
 error_log /var/log/nginx/mediacms.io.error.log warn;
- # HSTS header
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-
- # CSP header
- add_header Content-Security-Policy "
- default-src 'self';
- script-src 'self';
- style-src 'self';
- img-src 'self' data: blob:;
- media-src 'self' blob:;
- frame-src 'self';
- font-src 'self';
- connect-src 'self';
- object-src 'none';
- frame-ancestors 'self';
- form-action 'self';
- base-uri 'self';
- upgrade-insecure-requests;
- " always;
-
 location /static {
 alias /home/mediacms.io/mediacms/static ;
 }
diff --git a/deploy/local_install/mediacms.io b/deploy/local_install/mediacms.io
index 3f978862..10aa6ef6 100644
--- a/deploy/local_install/mediacms.io
+++ b/deploy/local_install/mediacms.io
@@ -17,26 +17,6 @@ server {
 # rewrite ^/(.*)$ https://localhost/$1 permanent;
 # }
- # HSTS header
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-
- # CSP header
- add_header Content-Security-Policy "
- default-src 'self';
- script-src 'self';
- style-src 'self';
- img-src 'self' data: blob:;
- media-src 'self' blob:;
- frame-src 'self';
- font-src 'self';
- connect-src 'self';
- object-src 'none';
- frame-ancestors 'self';
- form-action 'self';
- base-uri 'self';
- upgrade-insecure-requests;
- " always;
-
 location /static {
 alias /home/mediacms.io/mediacms/static ;
 }