diff --git a/nixos/modules/services/video/frigate.nix b/nixos/modules/services/video/frigate.nix
index cc6d8371399f6..52adfa1cac1c3 100644
--- a/nixos/modules/services/video/frigate.nix
+++ b/nixos/modules/services/video/frigate.nix
@@ -178,7 +178,6 @@ in
         set-misc
         vod
       ];
-      recommendedProxySettings = mkDefault true;
       recommendedGzipSettings = mkDefault true;
       mapHashBucketSize = mkDefault 128;
       upstreams = {
@@ -209,6 +208,7 @@ in
           # auth_location.conf
           "/auth" = {
             proxyPass = "http://frigate-api/auth";
+            recommendedProxySettings = true;
             extraConfig = ''
               internal;
 
@@ -313,11 +313,13 @@ in
           };
           "/ws" = {
             proxyPass = "http://frigate-mqtt-ws/";
+            recommendedProxySettings = true;
             proxyWebsockets = true;
             extraConfig = nginxAuthRequest + nginxProxySettings;
           };
           "/live/jsmpeg" = {
             proxyPass = "http://frigate-jsmpeg/";
+            recommendedProxySettings = true;
             proxyWebsockets = true;
             extraConfig = nginxAuthRequest + nginxProxySettings;
           };
@@ -325,6 +327,7 @@ in
           "/live/mse/api/ws" = {
             proxyPass = "http://frigate-go2rtc/api/ws";
             proxyWebsockets = true;
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               limit_except GET {
                   deny  all;
@@ -334,6 +337,7 @@ in
           "/live/webrtc/api/ws" = {
             proxyPass = "http://frigate-go2rtc/api/ws";
             proxyWebsockets = true;
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               limit_except GET {
                   deny  all;
@@ -343,6 +347,7 @@ in
           # pass through go2rtc player
           "/live/webrtc/webrtc.html" = {
             proxyPass = "http://frigate-go2rtc/webrtc.html";
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               limit_except GET {
                   deny  all;
@@ -352,6 +357,7 @@ in
           # frontend uses this to fetch the version
           "/api/go2rtc/api" = {
             proxyPass = "http://frigate-go2rtc/api";
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               limit_except GET {
                   deny  all;
@@ -362,6 +368,7 @@ in
           "/api/go2rtc/webrtc" = {
             proxyPass = "http://frigate-go2rtc/api/webrtc";
             proxyWebsockets = true;
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               limit_except GET {
                   deny  all;
@@ -370,12 +377,14 @@ in
           };
           "~* /api/.*\.(jpg|jpeg|png|webp|gif)$" = {
             proxyPass = "http://frigate-api";
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               rewrite ^/api/(.*)$ $1 break;
             '';
           };
           "/api/" = {
             proxyPass = "http://frigate-api/";
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               add_header Cache-Control "no-store";
               expires off;