diff --git a/Changelog.md b/Changelog.md
index 0d4d9f1cf..176af5f68 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -24,6 +24,7 @@
 ## Bug fixes
 * Ignore invalid URLs for camo [#7922](https://github.com/diaspora/diaspora/pull/7922)
 * Unlinking a post did not update the participation icon without a reload [#7882](https://github.com/diaspora/diaspora/pull/7882)
+* Fix broken Instagram embedding [#7920](https://github.com/diaspora/diaspora/pull/7920)

 ## Features
 * Add the ability to assign roles in the admin panel [#7868](https://github.com/diaspora/diaspora/pull/7868)
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 8ce56dce1..6007264af 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -16,7 +16,7 @@ SecureHeaders::Configuration.default do |config|
 img_src: %w['self' data: blob: *],
 media_src: %w[https:],
 script_src: %w['self' blob: 'unsafe-eval' platform.twitter.com cdn.syndication.twimg.com widgets.flickr.com
- embedr.flickr.com platform.instagram.com 'unsafe-inline'],
+ embedr.flickr.com www.instagram.com 'unsafe-inline'],
 style_src: %w['self' 'unsafe-inline' platform.twitter.com *.twimg.com]
 }
 # rubocop:enable Lint/PercentStringArray
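Review bot: The `script_src` entry in the `config/initializers/secure_headers.rb` hunk now allows scripts from the whole `www.instagram.com` origin, which is Instagram's main site rather than a dedicated embed host, so any script-like response served from that origin becomes loadable under this policy. CSP host sources accept a path, so if the embed loader is served from one fixed path the entry could be narrowed, e.g. `www.instagram.com/embed.js` (path to be confirmed against the embed markup the pod actually renders). A short comment above the list, such as `# www.instagram.com: Instagram embed loader (replaces platform.instagram.com)`, would record why the host is allowed. The `SecureHeaders::Configuration.default` block starts and ends outside the hunk, so whether other directives the embed relies on (for example a frame source) were updated cannot be checked from here.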