diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5e401697..a08e780a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -9,7 +9,7 @@ class ApplicationController < ActionController::Base
 after_action :verify_authorized, except: %i[welcome]
 around_action :mnemosyne_trace
 around_action :switch_locale
- before_action :set_sentry_context, :allow_iframe_requests, :load_embed_options
+ before_action :set_sentry_context, :load_embed_options
 protect_from_forgery(with: :exception, prepend: true)
 rescue_from Pundit::NotAuthorizedError, with: :render_not_authorized
 rescue_from ActionController::InvalidAuthenticityToken, with: :render_csrf_error
@@ -96,10 +96,6 @@ class ApplicationController < ActionController::Base
 # Show root page
 end

- def allow_iframe_requests
- response.headers.delete('X-Frame-Options')
- end
-
 def load_embed_options
 @embed_options = if session[:embed_options].present? && session[:embed_options].is_a?(Hash)
 session[:embed_options].symbolize_keys
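Review bot: On the new `before_action :set_sentry_context, :load_embed_options` line in the first hunk, nothing visible in this controller sets a framing policy any more, so clickjacking protection rests on whatever `X-Frame-Options` value the application's `config.action_dispatch.default_headers` emits, which this diff does not show. `load_embed_options` stays in the chain and still reads `session[:embed_options]`, which suggests embedded views are still supported. If any of them must be framed from another origin, that allowance should be scoped to those actions (for example a `frame_ancestors` content-security-policy directive listing the permitted origins) rather than reintroduced for every response. I would add a comment above the callback line, such as `# X-Frame-Options stays at the framework default; embed actions must opt in explicitly`, and a request spec asserting the header is present on a non-embed page. The class body begins and ends outside both hunks, so other callbacks or header handling may exist that I cannot see.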