[Django]-Which is best practice to add security headers for django application?

4👍

Yes, it may cause some conflict in your web server; for example, you have two X-Frame-Options in your response header. I suggest you not do that. Handle it at just one level: do whatever you can with Django and do the rest with your web server (as far as I know, for example, Feature-Policy can't be handled in Django cleanly, so do this with your web server; the nonce hash is not easy in the web server and you should do it with your Django!)
I don't know how true this is, but the Django deployment checklist suggests doing SSL redirection with your web server and

You can use Django-CSP to generate the nonce hash and configure your CSP policy; also, you can add Feature-Policy to the Nginx config with:

add_header Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'";

The best practices are available on the OWASP Secure Headers Project and my git repo, and here is the link to the Django secure header config.
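The answer above recommends owning each header at exactly one layer (application or web server) and warns about ending up with two X-Frame-Options values. The following is an added example, not code from the answer, from django-csp or from the linked repo. It shows a Django-style middleware that sets the application-level headers and a per-request CSP nonce without overwriting a value a view already chose, plus a small checker that parses a captured response header block (the lines `curl -i` prints) and reports any header that the two layers both emitted. The `Request` and `Response` classes are constructed stand-ins for Django's `HttpRequest`/`HttpResponse` so the block runs without Django installed; they mimic only `has_header`, item access and `items`, which real `HttpResponse` objects also provide. The header values and the `csp_nonce` attribute name are this example's own choices.

```python
import secrets
from collections import defaultdict


# Constructed stand-ins for Django's HttpRequest/HttpResponse so the example runs
# without Django installed; only the methods the middleware uses are mimicked.
class Request:
    def __init__(self, path="/"):
        self.path = path
        self.csp_nonce = None  # filled in by the middleware, read by templates


class Response:
    def __init__(self, body=""):
        self.body = body
        self._headers = {}  # lower-cased name -> (original name, value)

    def __setitem__(self, name, value):
        self._headers[name.lower()] = (name, value)

    def __getitem__(self, name):
        return self._headers[name.lower()][1]

    def has_header(self, name):
        return name.lower() in self._headers

    def items(self):
        return list(self._headers.values())


# Headers that are easy to own at the application layer. The CSP is built
# separately per request because it embeds the nonce. Values are example choices.
STATIC_SECURITY_HEADERS = {
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}


class SecurityHeadersMiddleware:
    """Django-style middleware: mint a nonce, run the view, then add headers."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # 128 bits of randomness, fresh for every request.
        request.csp_nonce = secrets.token_urlsafe(16)
        response = self.get_response(request)
        for name, value in STATIC_SECURITY_HEADERS.items():
            # A view that deliberately set its own value keeps it; we only fill gaps.
            if not response.has_header(name):
                response[name] = value
        response["Content-Security-Policy"] = (
            "default-src 'self'; "
            f"script-src 'self' 'nonce-{request.csp_nonce}'; "
            "object-src 'none'; base-uri 'self'; frame-ancestors 'none'"
        )
        return response


def duplicated_headers(raw_header_lines):
    """Return {lower-cased name: [values...]} for headers appearing more than once.

    Input is a response header block as the client sees it (one line per element,
    e.g. the output of `curl -i`), so it catches a header that Django and the web
    server both set, which is the conflict the answer warns about.
    """
    seen = defaultdict(list)
    for line in raw_header_lines:
        if ":" not in line:
            continue  # status line or blank separator
        name, _, value = line.partition(":")
        seen[name.strip().lower()].append(value.strip())
    return {name: values for name, values in seen.items() if len(values) > 1}


# Constructed sample of a header block where both layers set X-Frame-Options.
SAMPLE_HEADERS = [
    "HTTP/1.1 200 OK",
    "X-Frame-Options: DENY",
    "X-Frame-Options: SAMEORIGIN",
    "X-Content-Type-Options: nosniff",
]


if __name__ == "__main__":
    middleware = SecurityHeadersMiddleware(lambda req: Response("<p>hello</p>"))
    request = Request()
    response = middleware(request)
    for name, value in response.items():
        print(f"{name}: {value}")
    print("duplicates:", duplicated_headers(SAMPLE_HEADERS))
```

In a real project the middleware class goes into `MIDDLEWARE` in settings and the template reads `request.csp_nonce` for each inline `<script nonce="...">`; the duplicate checker is meant to be run against headers captured from the deployed site after any change to either the Django settings or the web server config, since a view-level `response["X-Frame-Options"]` and an nginx `add_header` for the same name will otherwise both reach the browser.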
