diff --git a/horizon/values.yaml b/horizon/values.yaml
index 0190050e8b..38d4aacf04 100644
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@@ -167,19 +167,17 @@ conf:
       #   Require all denied
       #</DirectoryMatch>
 
-      #
+      #Security-Settings
       # Setting this header will prevent MSIE from interpreting files as something
       # else than declared by the content type in the HTTP headers.
       # Requires mod_headers to be enabled.
       #
-      #Header set X-Content-Type-Options: "nosniff"
-
-      #
+      Header set X-Content-Type-Options: "nosniff"
+      Header set X-Permitted-Cross-Domain-Policies: "none"
       # Setting this header will prevent other sites from embedding pages from this
       # site as frames. This defends against clickjacking attacks.
       # Requires mod_headers to be enabled.
       #
-      #Header set X-Frame-Options: "sameorigin"
     local_settings:
       config:
         # Use "True" and "False" as Titlecase strings with quotes, boolean