diff --git a/etc/nginx/conf.d/sites_nextcloud.conf b/etc/nginx/conf.d/sites_nextcloud.conf
index f50f0e8..7256189 100644
--- a/etc/nginx/conf.d/sites_nextcloud.conf
+++ b/etc/nginx/conf.d/sites_nextcloud.conf
@@ -19,8 +19,6 @@ server {
 
     add_header Cross-Origin-Resource-Policy "same-origin" always;
     add_header Cross-Origin-Opener-Policy "same-origin" always;
-    proxy_hide_header Access-Control-Max-Age;
-    add_header Access-Control-Max-Age "600";
 
     location / {
         proxy_pass http://nextcloud:8080;
diff --git a/etc/nginx/snippets/cross-origin-security.conf b/etc/nginx/snippets/cross-origin-security.conf
index 52f824c..3861307 100644
--- a/etc/nginx/snippets/cross-origin-security.conf
+++ b/etc/nginx/snippets/cross-origin-security.conf
@@ -10,8 +10,4 @@ add_header Cross-Origin-Opener-Policy "same-origin" always;
 # Change COEP to "credentialless" when supported by Safari
 # https://developer.mozilla.org/en-US/docs/Web/API/Window/credentialless
 proxy_hide_header Cross-Origin-Embedder-Policy;
-add_header Cross-Origin-Embedder-Policy "require-corp" always;
-
-# Access-Control-Max-Age
-proxy_hide_header Access-Control-Max-Age;
-add_header Access-Control-Max-Age "600";
\ No newline at end of file
+add_header Cross-Origin-Embedder-Policy "require-corp" always;
\ No newline at end of file
diff --git a/etc/nginx/snippets/security.conf b/etc/nginx/snippets/security.conf
index 67e4b8f..6458c27 100644
--- a/etc/nginx/snippets/security.conf
+++ b/etc/nginx/snippets/security.conf
@@ -13,6 +13,10 @@ add_header X-Content-Type-Options "nosniff" always;
 proxy_hide_header X-Permitted-Cross-Domain-Policies;
 add_header X-Permitted-Cross-Domain-Policies "none" always;
 
+# Access-Control-Max-Age
+proxy_hide_header Access-Control-Max-Age;
+add_header Access-Control-Max-Age "600";
+
 # Obsolete and replaced by Content-Security-Policy frame-ancestors
 # Setting the less restrictive SAMEORIGIN here, as frame-ancestors 'none' will overwrite it anyways
 proxy_hide_header X-Frame-Options;