diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index 1fda195..ea344e2 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -33,7 +33,7 @@
       traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_domain }}`)"
       traefik.http.routers.nextcloud.entrypoints: websecure
       traefik.http.routers.nextcloud.tls.certresolver: letsencrypt
-      traefik.http.routers.nextcloud.middlewares: "securehttps@file,nextcloud@file,nextcloud-webdav"
+      traefik.http.routers.nextcloud.middlewares: "securehttps@file,nextcloud-webdav"
       traefik.http.middlewares.nextcloud-webdav.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav"
       traefik.http.middlewares.nextcloud-webdav.redirectregex.replacement: "https://${1}/remote.php/dav/"
       traefik.http.middlewares.nextcloud-webdav.redirectregex.permanent: "true"
diff --git a/roles/traefik/templates/security.yml.j2 b/roles/traefik/templates/security.yml.j2
index e2c728c..5f6e983 100644
--- a/roles/traefik/templates/security.yml.j2
+++ b/roles/traefik/templates/security.yml.j2
@@ -5,9 +5,6 @@ tls:
 
 http:
   middlewares:
-    nextcloud:
-      headers:
-        customFrameOptionsValue: SAMEORIGIN
     securehttps:
       headers:
         frameDeny: true
@@ -16,3 +13,4 @@ http:
         contentTypeNosniff: true
         stsPreload: {{ traefik_hsts_preload }}
         stsSeconds: {{ traefik_hsts_seconds }}
+        customFrameOptionsValue: SAMEORIGIN