diff --git a/conf/nginx.conf b/conf/nginx.conf
index 1691095..2e085c9 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -13,23 +13,23 @@ location ^~ __PATH__ {
 }
 # Add headers to serve security related headers
- add_header Strict-Transport-Security "max-age=15768000;";
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
- add_header Referrer-Policy no-referrer;
+ more_set_headers "Strict-Transport-Security: max-age=15768000";
+ more_set_headers "X-Content-Type-Options: nosniff";
+ more_set_headers "X-XSS-Protection: 1; mode=block";
+ more_set_headers "X-Robots-Tag: none";
+ more_set_headers "X-Download-Options: noopen";
+ more_set_headers "X-Permitted-Cross-Domain-Policies: none";
+ more_set_headers "Referrer-Policy: no-referrer";
 # Set max upload size
 client_max_body_size 10G;
 fastcgi_buffers 64 4K;
-
+
 # Extend timeouts
 client_body_timeout 60m;
 proxy_read_timeout 60m;
 fastcgi_read_timeout 60m;
-
+
 # Disable gzip to avoid the removal of the ETag header
 gzip off;
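Review bot: The comment above the header block does not record that these lines now depend on the headers-more module and behave differently from `add_header`. As that module documents it, `more_set_headers` without `-s` applies to every status code and replaces a same-named header coming from the backend, whereas `add_header` without `always` only covered a fixed set of success and redirect codes. I would extend the comment to something like `# headers-more: set on all status codes, overrides same-named backend headers`, and confirm the package declares the module as a requirement so a host without it fails at install time rather than at nginx reload. The enclosing `location ^~ __PATH__` block starts and ends outside the hunk.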
@@ -78,15 +78,15 @@ location ^~ __PATH__ {
 # Adding the cache control header for js and css files
 location ~* \.(?:css|js)$ {
- add_header Cache-Control "public, max-age=7200";
+ more_set_headers "Cache-Control: public, max-age=7200";
 # Add headers to serve security related headers
- add_header Strict-Transport-Security "max-age=15768000;";
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
- add_header Referrer-Policy no-referrer;
+ more_set_headers "Strict-Transport-Security: max-age=15768000";
+ more_set_headers "X-Content-Type-Options: nosniff";
+ more_set_headers "X-XSS-Protection: 1; mode=block";
+ more_set_headers "X-Robots-Tag: none";
+ more_set_headers "X-Download-Options: noopen";
+ more_set_headers "X-Permitted-Cross-Domain-Policies: none";
+ more_set_headers "Referrer-Policy: no-referrer";
 # Optional: Don't log access to assets
 access_log off;
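Review bot: The seven security headers repeated inside `location ~* \.(?:css|js)$` look redundant after the switch to `more_set_headers`. The copy existed because an `add_header` in a nested location discards the ones inherited from the parent; headers-more documents its directives as inherited from the enclosing scope and run before the local ones, so the parent block should already cover asset responses. If a check of the response headers on a `.css` request confirms that, keep only `more_set_headers "Cache-Control: public, max-age=7200";` here so the two lists cannot drift apart when one is edited later. The nested location's closing brace is outside the hunk.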