Remove obsolete/uneeded headers suggested by code review

docker/nginx/default.conf

@@ -9,11 +9,8 @@ server {
   try_files $uri /index.php$is_args$args;
 
   # security headers
-  add_header X-XSS-Protection          "1; mode=block" always;
-  add_header X-Content-Type-Options    "nosniff" always;
   add_header Referrer-Policy           "no-referrer-when-downgrade" always;
   add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
-  add_header Permissions-Policy        "interest-cohort=()" always;
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 
   location ~* \.(css|png|ico|webmanifest|eot|svg|ttf|woff|woff2|txt)$ {