nginx iframe content-security-policy x-frame-options

IE 11 this page cannot be displayed in a frame


There is an iframe tag whose src (N page) is not same origin in a WordPress page.

  1. I have checked that N page's HTTP headers include
    X-Frame-Options: ALLOW-FROM *.mydomain.com;
    Content-Security-Policy: frame-ancestors *.mydomain.com
    X-XSS-protection: 0
    which are totally overwritten by proxy_hide_header, and the Set-Cookie header is hidden by proxy_hide_header, too.

  2. But it's still not working in IE 11, although it works in Chrome and Safari.

I don't know why..


Solution

  • Thanks to @Alexey Ten

    X-Frame-Options ALLOW-FROM needs URI format.

    I tested and it works in IE11,10,9 & 8.

    My nginx.conf has only

    proxy_hide_header 'X-Frame-Options'; # this should be needed
    add_header 'X-Frame-Options' 'ALLOW-FROM http://sub.example.com';
    add_header 'Content-Security-Policy' 'frame-ancestors http://sub.example.com';
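
The following is an added example, not part of the original question or answer: a small Python check that flags the two problems discussed above, an `ALLOW-FROM` value that is not an absolute URI and a duplicate `X-Frame-Options` header left behind when the upstream copy is not hidden. The function names and the sample header lists are constructed for illustration.

```python
from urllib.parse import urlsplit

def frame_ancestors(csp_value):
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None

def check_frame_headers(headers):
    """headers: list of (name, value) pairs as seen by the client.
    Returns a list of findings; an empty list means nothing was flagged."""
    problems = []
    xfo = [v for n, v in headers if n.lower() == "x-frame-options"]
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]

    # An upstream header plus add_header gives two copies unless
    # proxy_hide_header removes the upstream one first.
    if len(xfo) > 1:
        problems.append("duplicate X-Frame-Options headers")

    uses_allow_from = False
    for raw in xfo:
        value = raw.strip().rstrip(";").strip()
        directive, _, origin = value.partition(" ")
        origin = origin.strip()
        if directive.upper() in ("DENY", "SAMEORIGIN"):
            continue
        if directive.upper() != "ALLOW-FROM":
            problems.append(f"unknown X-Frame-Options value: {value!r}")
            continue
        uses_allow_from = True
        # ALLOW-FROM takes one origin URI; host wildcards are CSP syntax only.
        if "*" in origin:
            problems.append(f"ALLOW-FROM does not accept wildcards: {origin!r}")
        parts = urlsplit(origin)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            problems.append(f"ALLOW-FROM needs an absolute URI: {origin!r}")

    # Browsers that do not implement ALLOW-FROM rely on frame-ancestors instead.
    if uses_allow_from and not any(frame_ancestors(v) for v in csp):
        problems.append("ALLOW-FROM set without a CSP frame-ancestors directive")
    return problems

# Constructed samples mirroring the question, the answer, and a missing proxy_hide_header.
QUESTION = [("X-Frame-Options", "ALLOW-FROM *.mydomain.com;"),
            ("Content-Security-Policy", "frame-ancestors *.mydomain.com")]
ANSWER = [("X-Frame-Options", "ALLOW-FROM http://sub.example.com"),
          ("Content-Security-Policy", "frame-ancestors http://sub.example.com")]
NO_HIDE = [("X-Frame-Options", "SAMEORIGIN")] + ANSWER
```
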