diff --git a/app/services/embedded_page_service.rb b/app/services/embedded_page_service.rb
index 9164ac4d94..f2d6021e20 100644
--- a/app/services/embedded_page_service.rb
+++ b/app/services/embedded_page_service.rb
@@ -49,7 +49,8 @@ class EmbeddedPageService
 end
 def set_response_headers
- @response.headers.delete 'X-Frame-Options'
+ @response.headers.except! 'X-Frame-Options'
+ @response.default_headers.except! 'X-Frame-Options'
 @response.headers['Content-Security-Policy'] = "frame-ancestors 'self' #{@embedding_domain}"
 end
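Review bot: The added `@response.default_headers.except! 'X-Frame-Options'` appears to mutate shared state rather than this one response. If `@response` is an `ActionDispatch::Response`, `default_headers` is a class-level attribute and `except!` deletes the key from that hash in place. After the first embedded page is served, later responses in the same process would then presumably go out without `X-Frame-Options`, and they do not get the `frame-ancestors` policy that this method sets either, so the framing protection would be lost for non-embedded pages. I would drop that line and keep the removal per-response, e.g. `@response.headers.delete 'X-Frame-Options'`; if the default really is re-applied later, handle it on a copy such as `@response.default_headers.except('X-Frame-Options')` rather than on the shared hash. A request spec asserting that a normal page still carries `X-Frame-Options` after an embedded page has been rendered would pin this down.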