diff --git a/install/package.json b/install/package.json
index 07d665ecc2..33d8fcdee1 100644
--- a/install/package.json
+++ b/install/package.json
@@ -67,7 +67,7 @@
 "file-loader": "6.2.0",
 "fs-extra": "11.1.1",
 "graceful-fs": "4.2.11",
- "helmet": "6.2.0",
+ "helmet": "7.0.0",
 "html-to-text": "9.0.5",
 "ipaddr.js": "2.0.1",
 "jquery": "3.6.4",
diff --git a/src/webserver.js b/src/webserver.js
index c0a1c8e537..8a70a3a2e3 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -192,11 +192,9 @@ function setupHelmet(app) {
 crossOriginOpenerPolicy: { policy: meta.config['cross-origin-opener-policy'] },
 crossOriginResourcePolicy: { policy: meta.config['cross-origin-resource-policy'] },
 referrerPolicy: { policy: 'strict-origin-when-cross-origin' },
+ crossOriginEmbedderPolicy: !!meta.config['cross-origin-embedder-policy'],
 };
- if (!meta.config['cross-origin-embedder-policy']) {
- options.crossOriginEmbedderPolicy = false;
- }
 if (meta.config['hsts-enabled']) {
 options.hsts = {
 maxAge: meta.config['hsts-maxage'],
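Review bot: The added `crossOriginEmbedderPolicy: !!meta.config['cross-origin-embedder-policy'],` line in the options literal has no comment saying why the value is now always passed, and the reason is a changed default in the dependency bumped by this same commit: helmet 7 leaves Cross-Origin-Embedder-Policy off unless asked, where helmet 6 sent it unless told not to. I would put `// helmet >= 7 no longer sets COEP by default, so pass the admin setting through explicitly` above it, so the next major bump gets checked against this line. The `!!` keeps the old truthiness rule, so a setting stored as a non-empty string such as '0' would still switch the header on; whether meta.config can hold such a value is not visible here. A response-header test covering both settings would pin the behaviour across future helmet upgrades. setupHelmet starts and ends outside this hunk.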