diff --git a/changelog/unreleased/fix-duplicate-csp.md b/changelog/unreleased/fix-duplicate-csp.md
new file mode 100644
index 0000000000..0c6033d180
--- /dev/null
+++ b/changelog/unreleased/fix-duplicate-csp.md
@@ -0,0 +1,5 @@
+Bugfix: Remove duplicate CSP header from responses
+
+The web service was adding a CSP on its own, and that one has been removed. The proxy service will take care of the CSP header.
+
+https://github.com/owncloud/ocis/pull/10146
diff --git a/services/web/pkg/middleware/silentrefresh.go b/services/web/pkg/middleware/silentrefresh.go
deleted file mode 100644
index 703313a1a9..0000000000
--- a/services/web/pkg/middleware/silentrefresh.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package middleware
-
-import (
- "net/http"
-)
-
-// SilentRefresh allows the oidc client lib to silently refresh the token in an iframe
-func SilentRefresh(next http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- w.Header().Set("Content-Security-Policy", "frame-ancestors 'self'")
- next.ServeHTTP(w, r)
- })
-}
diff --git a/services/web/pkg/server/http/server.go b/services/web/pkg/server/http/server.go
index bc8bed9af1..164a020030 100644
--- a/services/web/pkg/server/http/server.go
+++ b/services/web/pkg/server/http/server.go
@@ -16,7 +16,6 @@ import (
 "github.com/owncloud/ocis/v2/ocis-pkg/x/io/fsx"
 "github.com/owncloud/ocis/v2/services/web"
 "github.com/owncloud/ocis/v2/services/web/pkg/apps"
- webmid "github.com/owncloud/ocis/v2/services/web/pkg/middleware"
 svc "github.com/owncloud/ocis/v2/services/web/pkg/service/v0"
 )
 
@@ -101,7 +100,6 @@ func Server(opts ...Option) (http.Service, error) {
 chimiddleware.RequestID,
 chimiddleware.Compress(5),
 middleware.NoCache,
- webmid.SilentRefresh,
 middleware.Version(
 options.Config.Service.Name,
 version.GetString(),
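Review bot: With `webmid.SilentRefresh` dropped from the middleware list in `Server`, the web service no longer sends any `Content-Security-Policy` of its own, so its `frame-ancestors` framing restriction now depends entirely on the proxy service sitting in front of it. The proxy's policy is not visible in this diff, so it is worth confirming that it still carries `frame-ancestors 'self'` (the removed middleware set it so the OIDC client could refresh the token in an iframe) and that no supported deployment exposes the web service directly. I would record that dependency where the chain is built, for example `// CSP (incl. frame-ancestors for OIDC silent refresh) is set by the proxy service, not here.` above `middleware.NoCache,`. The body of `Server` starts and ends outside the hunk.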