diff --git a/rootfs/nginx/sites-enabled/nginx.conf b/rootfs/nginx/sites-enabled/nginx.conf
index 7ec66bb..e7b8aa0 100644
--- a/rootfs/nginx/sites-enabled/nginx.conf
+++ b/rootfs/nginx/sites-enabled/nginx.conf
@@ -30,12 +30,11 @@ server {
             access_log off;
         }
 
-        location = /.well-known/carddav {
-            return 301 $nc_proto://$host:$nc_port/remote.php/dav;
-        }
-
-        location = /.well-known/caldav {
-            return 301 $nc_proto://$host:$nc_port/remote.php/dav;
+        location /.well-known {
+            location = /.well-known/carddav   { return 301 $nc_proto://$host:$nc_port/remote.php/dav; }
+            location = /.well-known/caldav    { return 301 $nc_proto://$host:$nc_port/remote.php/dav; }
+            location ^~ /.well-known          { return 301 $nc_proto://$host:$nc_port/index.php$uri; }
+            try_files $uri $uri/ =404;
         }
 
         location / {
@@ -70,14 +69,6 @@ server {
 
         location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
             try_files $uri /index.php$uri$is_args$args;
-            add_header Cache-Control "public, max-age=15778463";
-            add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
-            add_header X-Frame-Options "SAMEORIGIN";
-            add_header X-Content-Type-Options nosniff;
-            add_header X-XSS-Protection "1; mode=block";
-            add_header X-Robots-Tag none;
-            add_header X-Download-Options noopen;
-            add_header X-Permitted-Cross-Domain-Policies none;
             access_log off;
         }