diff --git a/nginx/sites-available/cloud.grupopralog.com.br.conf b/nginx/sites-available/cloud.grupopralog.com.br.conf
index 40da6f0..df3b298 100644
--- a/nginx/sites-available/cloud.grupopralog.com.br.conf
+++ b/nginx/sites-available/cloud.grupopralog.com.br.conf
@@ -99,12 +99,12 @@ server {
 add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
 add_header X-Content-Type-Options "nosniff" always;
 # O header "X-XSS-Protection" foi removido por ser obsoleto.
- proxy_hide_header "X-Frame-Options"; # Remove o header do backend para evitar duplicidade.
+ proxy_hide_header "X-Frame-Options";
+ proxy_hide_header "Feature-Policy";
 add_header X-Frame-Options "SAMEORIGIN" always;
 add_header Referrer-Policy "no-referrer" always;
 # NOVO: Adiciona a Permissions-Policy para desativar funcionalidades sensíveis.
- add_header Permissions-Policy "geolocation=(), midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()" always;
-
+ add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(), payment=()" always;
 # --- Bloco de Compressão (sem alterações) ---
 brotli on;
 brotli_comp_level 6;
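Review bot: The new `proxy_hide_header "Feature-Policy";` strips the legacy header from the backend, but nothing hides a backend-sent `Permissions-Policy`, so the `add_header Permissions-Policy ... always;` on the new side can still produce two conflicting Permissions-Policy headers in one response — the same duplication the `X-Frame-Options` line guards against; add `proxy_hide_header "Permissions-Policy";` next to the Feature-Policy line. The trailing comment `# Remove o header do backend para evitar duplicidade.` was dropped from the X-Frame-Options line, and the new Feature-Policy line has no comment at all; keeping one comment over both, e.g. `# Hide backend copies so the add_header values below are the only ones sent.`, preserves the rationale. Note also that `add_header` directives are inherited only when the nearer block defines none, so if any location block in this file sets its own `add_header`, these server-level headers will not apply there — worth confirming, since the rest of the server block lies outside the hunk.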