diff --git a/Docs/Tasks.md b/Docs/Tasks.md index 72f1bf6..51f8347 100644 --- a/Docs/Tasks.md +++ b/Docs/Tasks.md 
@@ -1,46 +1,3 @@ -## TASK-013 — nginx missing security response headers - -**Severity:** High - -### Where found -`Docker/nginx.conf` — the server block has no `Content-Security-Policy`, `X-Frame-Options`, `X-Content-Type-Options`, `Referrer-Policy`, or `Strict-Transport-Security` headers. - -### Why this is needed -Without these headers: -- **No CSP** — injected scripts can run freely (XSS). -- **No X-Frame-Options** — the app can be embedded in an iframe on an attacker-controlled page (clickjacking). -- **No X-Content-Type-Options** — browsers may MIME-sniff responses and execute text/plain as JavaScript. -- **No Referrer-Policy** — internal URLs are leaked in the `Referer` header to third-party resources. -- **No HSTS** — even with HTTPS configured, browsers will still attempt HTTP first unless told otherwise. - -### Goal -Add all OWASP-recommended security headers to the nginx server block. - -### What to do -Add to the `server` block in `nginx.conf`: -```nginx -add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-ancestors 'none';" always; -add_header X-Frame-Options "DENY" always; -add_header X-Content-Type-Options "nosniff" always; -add_header Referrer-Policy "no-referrer" always; -add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always; -# Only add HSTS when HTTPS is confirmed: -# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; -``` - -### Possible traps and issues -- Fluent UI v9 uses inline `style` attributes — `style-src 'self' 'unsafe-inline'` is required for now. A stricter CSP using nonces would require server-side rendering of the HTML shell. -- HSTS must only be added when HTTPS is fully configured and working — it is irreversible for the configured `max-age`. -- Use `always` on `add_header` so headers are also included in error responses (4xx, 5xx). 
- -### Docs changes needed -- `Architekture.md` — document the nginx security header configuration. - -### Doc references -- [Architekture.md](Architekture.md) — nginx configuration - ---- - ## TASK-014 — `add_log_path` passes arbitrary paths to fail2ban — no allowlist **Severity:** High
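Review bot: The hunk deletes TASK-013 from the tracker, but this patch only touches `Docs/Tasks.md`; there is no corresponding change to `Docker/nginx.conf`, so it is not visible from the diff whether the `add_header` lines (`Content-Security-Policy`, `X-Frame-Options`, `X-Content-Type-Options`, `Referrer-Policy`, `Permissions-Policy`) were actually added or the task is simply being dropped. Please either include the `nginx.conf` change in the same commit or reference the commit that closed it, and consider moving the entry to a completed section instead of removing it outright, since the "Possible traps and issues" notes being deleted here (the `'unsafe-inline'` requirement for Fluent UI v9, HSTS being irreversible for the configured `max-age`, and using `always` so error responses also carry the headers) are exactly the rationale a later maintainer will need. The removed "Docs changes needed" item (`Architekture.md` — document the nginx security header configuration) is also dropped without evidence that it was done, so that update should be confirmed or carried over.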