diff --git a/hosts/blacksteel/Caddyfile b/hosts/blacksteel/Caddyfile
index bb05e95..59d0758 100644
--- a/hosts/blacksteel/Caddyfile
+++ b/hosts/blacksteel/Caddyfile
@@ -1,18 +1,5 @@
 (default) {
 	encode zstd gzip
-
-	header {
-		# https://observatory.mozilla.org/analyze/ny4.dev
-		# https://infosec.mozilla.org/guidelines/web_security
-		# https://caddyserver.com/docs/caddyfile/directives/header#examples
-
-		?Content-Security-Policy "default-src https: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'"
-		?Permissions-Policy interest-Hpcohort=()
-		?Strict-Transport-Security max-age=31536000;
-		?X-Content-Type-Options nosniff
-		?X-Frame-Options DENY
-	}
-
 	handle_path /robots.txt {
 		file_server * {
 			root /var/www/robots/robots.txt
diff --git a/hosts/lightsail-tokyo/Caddyfile b/hosts/lightsail-tokyo/Caddyfile
index ba8c3a2..3136ada 100644
--- a/hosts/lightsail-tokyo/Caddyfile
+++ b/hosts/lightsail-tokyo/Caddyfile
@@ -8,19 +8,6 @@
 
 (default) {
 	encode zstd gzip
-
-	header {
-		# https://observatory.mozilla.org/analyze/ny4.dev
-		# https://infosec.mozilla.org/guidelines/web_security
-		# https://caddyserver.com/docs/caddyfile/directives/header#examples
-
-		?Content-Security-Policy "default-src https: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'"
-		?Permissions-Policy interest-Hpcohort=()
-		?Strict-Transport-Security max-age=31536000;
-		?X-Content-Type-Options nosniff
-		?X-Frame-Options DENY
-	}
-
 	handle_path /robots.txt {
 		file_server * {
 			root /var/www/robots/robots.txt