diff --git a/src/metabase/middleware.clj b/src/metabase/middleware.clj
index 839b1d8892505bdbff5c413eb08401ca4f0f22c7..2fed9ec6c520528093f946c5d6ca04878a4c54c1 100644
--- a/src/metabase/middleware.clj
+++ b/src/metabase/middleware.clj
@@ -172,13 +172,14 @@
 (defn- api-security-headers [] ; don't need to include all the nonsense we include with index.html
   (merge (cache-prevention-headers)
          strict-transport-security-header
-         (public-key-pins-header)))
+         ;(public-key-pins-header)
+         ))
 
 (defn- index-page-security-headers []
   (merge (cache-prevention-headers)
          strict-transport-security-header
          content-security-policy-header
-         (public-key-pins-header)
+         ;(public-key-pins-header)
          {"X-Frame-Options"                   "DENY"          ; Tell browsers not to render our site as an iframe (prevent clickjacking)
           "X-XSS-Protection"                  "1; mode=block" ; Tell browser to block suspected XSS attacks
           "X-Permitted-Cross-Domain-Policies" "none"          ; Prevent Flash / PDF files from including content from site.