
duplicate X-Frame-Options: SAMEORIGIN in header, triggers no NO SAMEORIGIN Warning in admin panel #4764

@ghost

Description

Steps to reproduce

  1. Configure your nginx and add a duplicate add_header X-Frame-Options "SAMEORIGIN";
    I know this shouldn't happen, but it did in my case.
  2. Check curl -v https://your.nextcloud.here to verify the double header.
  3. Log in as nextcloud-admin and check the security warnings.

Expected behaviour

The check for X-Frame-Options "SAMEORIGIN" succeeds if it is found at least once.
NC < 12 used to behave like this.

Actual behaviour

The check fails if the header is added multiple times.

Server configuration

Operating system:
FreeBSD 11.0 release p9

Web server:
nginx 1.12.0_1,2

Database:
MariaDB 10.1.23

PHP version:
PHP 7.1.4

Nextcloud version: (see Nextcloud admin page)
12.0 beta 2
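
The behaviour reported above, as an added example that is not part of the original issue and is not Nextcloud's code: a strict header check next to one that tolerates a repeated header. It assumes the check reads the header the way a browser's XMLHttpRequest.getResponseHeader() does, where a repeated header comes back as one combined value ("SAMEORIGIN, SAMEORIGIN"); the function names and sample responses are constructed for illustration, and failing on conflicting values is a choice made in this example.

```javascript
'use strict';
// Added example: function names are hypothetical, sample responses are constructed.
const head = (...xfo) => ['HTTP/1.1 200 OK', 'Server: nginx',
  ...xfo.map(v => `X-Frame-Options: ${v}`), '', ''].join('\r\n');
const SINGLE = head('SAMEORIGIN');
const DOUBLE = head('SAMEORIGIN', 'SAMEORIGIN'); // the duplicated add_header case
const CONFLICT = head('SAMEORIGIN', 'DENY');
const MISSING = head();

// Every value of one header in a raw header block (e.g. `curl -sI` output).
function headerValues(rawHeaders, name) {
  const wanted = name.toLowerCase();
  const values = [];
  for (const line of rawHeaders.split(/\r?\n/)) {
    const colon = line.indexOf(':');
    if (colon <= 0) continue; // status line or blank line
    if (line.slice(0, colon).trim().toLowerCase() === wanted) {
      values.push(line.slice(colon + 1).trim());
    }
  }
  return values;
}

// Strict check: compare the combined value, as getResponseHeader() returns it
// (repeated headers joined with ", "), with the expected string.
function strictCheck(rawHeaders, name, expected) {
  const values = headerValues(rawHeaders, name);
  return values.length > 0 &&
    values.join(', ').toLowerCase() === expected.toLowerCase();
}

// Tolerant check: split the values apart again, pass when every value agrees
// with the expected one, and report duplication so the config can be fixed.
function tolerantCheck(rawHeaders, name, expected) {
  const values = headerValues(rawHeaders, name)
    .flatMap(v => v.split(','))
    .map(v => v.trim().toLowerCase())
    .filter(v => v !== '');
  const distinct = [...new Set(values)];
  return {
    ok: distinct.length === 1 && distinct[0] === expected.toLowerCase(),
    duplicated: values.length > 1,
    distinct,
  };
}

console.log('strict  ', strictCheck(DOUBLE, 'X-Frame-Options', 'SAMEORIGIN'));
console.log('tolerant', tolerantCheck(DOUBLE, 'X-Frame-Options', 'SAMEORIGIN'));
```

The `duplicated` flag is worth surfacing even when the check passes, since a repeated `add_header` usually means the directive is set in more than one nginx context.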
