diff --git a/app/Http/Middleware/XFrameOptions.php b/app/Http/Middleware/XFrameOptions.php
index 9323e30b..a60f2561 100644
--- a/app/Http/Middleware/XFrameOptions.php
+++ b/app/Http/Middleware/XFrameOptions.php
@@ -18,7 +18,7 @@ public function handle(Request $request, Closure $next): Response
 $response = $next($request);
 if ($request->route()->getName() == 'embed') {
- return $response->header('Content-Security-Policy', "default-src 'self'; base-uri 'self'; block-all-mixed-content; frame-src data: blob: *; img-src 'self'; style-src 'unsafe-inline' *;");
+ return $response->header('Content-Security-Policy', 'frame-src data: blob: *');
 } else {
 $xframeOptions = 'SAMEORIGIN';
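Review bot: The new header on the `embed` branch keeps only `frame-src data: blob: *`, so with `default-src 'self'` and `base-uri 'self'` gone there is no fallback restricting `script-src`, `object-src` or `connect-src`, and the route is left with effectively no CSP. If the old policy was blocking one resource type, it would be safer to keep the baseline and relax only that directive, e.g. `"default-src 'self'; base-uri 'self'; object-src 'none'; frame-src data: blob: *; style-src 'unsafe-inline' *"` plus the specific directive that was failing. Note also that `frame-src` controls what this page may load in frames, not who may frame it; if the intent is to allow third-party embedding, that belongs in an explicit `frame-ancestors` directive, since the `else` branch (which continues outside the hunk) presumably applies `SAMEORIGIN` framing limits only to the other routes. A short comment above the header stating why the policy is looser here would help the next reader.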