diff --git a/.env.example b/.env.example
index 0c2f9afb9..9504186ea 100644
--- a/.env.example
+++ b/.env.example
@@ -4,8 +4,6 @@ APP_KEY=
 APP_DEBUG=false
 APP_URL=http://localhost
-ALLOW_EMBEDS=
-
 FORCE_HTTPS=false
 CONTENT_WIDTH=7xl
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 4f5558c8d..494c0501b 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -64,7 +64,5 @@ class Kernel extends HttpKernel
 'signed' => \App\Http\Middleware\ValidateSignature::class,
 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
-
- 'x-frame-allow' => \App\Http\Middleware\FrameAllowOptions::class,
 ];
 }
diff --git a/app/Http/Middleware/FrameAllowOptions.php b/app/Http/Middleware/FrameAllowOptions.php
deleted file mode 100644
index 2ed0739b8..000000000
--- a/app/Http/Middleware/FrameAllowOptions.php
+++ /dev/null
@@ -1,26 +0,0 @@
-headers->set('X-Frame-Options', 'ALLOW-FROM '.config('speedtest.allow_embeds'));
- }
-
- return $response;
- }
-}
diff --git a/config/speedtest.php b/config/speedtest.php
index 92c42920f..dfa43d9fb 100644
--- a/config/speedtest.php
+++ b/config/speedtest.php
@@ -23,9 +23,4 @@
 'notification_polling' => env('NOTIFICATION_POLLING', '60s'),
 'results_polling' => env('RESULTS_POLLING', null),
-
- /**
- * Security
- */
- 'allow_embeds' => env('ALLOW_EMBEDS', null),
 ];
diff --git a/docker/deploy/etc/nginx/server-opts.d/security.conf b/docker/deploy/etc/nginx/server-opts.d/security.conf
deleted file mode 100644
index bc00d8ab1..000000000
--- a/docker/deploy/etc/nginx/server-opts.d/security.conf
+++ /dev/null
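Review bot: After removing 'x-frame-allow' from the route middleware map here (and its use on the home route in routes/web.php), the application layer no longer sets any frame-control header, and the nginx-side `add_header X-Frame-Options "SAMEORIGIN"` in the deleted security.conf was already commented out, so by default nothing in this diff restricts which origins may frame the app. Dropping `X-Frame-Options: ALLOW-FROM` itself is reasonable, since current browsers do not honour that directive; the intent behind it belongs in `Content-Security-Policy: frame-ancestors 'self' <allowed-origin>` (or `frame-ancestors 'self'` when embedding is not wanted), set either in a replacement middleware or at the proxy. Deleting docker/deploy/etc/nginx/server-opts.d/security.conf also removes `X-Content-Type-Options "nosniff"`, `Referrer-Policy`, the `Strict-Transport-Security` header and the `location ~ /\.(?!well-known) { deny all; }` block, none of which relate to embedding; unless those were moved elsewhere (not visible in this diff), they are lost too. The middleware map array this hunk edits starts outside the hunk.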
@@ -1,25 +0,0 @@
-#
-# Security Headers
-#
-
-# Prevent IFRAME spoofing attacks
-# Disabled for Speedtest Tracked to be embedded.
-# add_header X-Frame-Options "SAMEORIGIN" always;
-
-# Prevent MIME attacks
-add_header X-Content-Type-Options "nosniff" always;
-
-# Prevent Referrer URL from being leaked
-add_header Referrer-Policy "no-referrer-when-downgrade" always;
-
-# Configure Content Security Policy
-# UPDATE - September 2020: Commenting this out until we grasp better security requirements
-#add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
-
-# Enable HSTS
-add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-
-# Prevent access to . files (excent the well-known directory)
-location ~ /\.(?!well-known) {
- deny all;
-}
diff --git a/routes/web.php b/routes/web.php
index e7e830f7f..fc54d396e 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -15,7 +15,6 @@
 */
 Route::get('/', HomeController::class)
- ->middleware('x-frame-allow')
 ->name('home');
 Route::redirect('/login', '/admin/login')