diff --git a/httpd.service b/httpd.service
index b75e28c..c5b5e08 100644
--- a/httpd.service
+++ b/httpd.service
@@ -26,25 +26,8 @@ ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
 # Send SIGWINCH for graceful stop
 KillSignal=SIGWINCH
 KillMode=mixed
-DevicePolicy=closed
-KeyringMode=private
-LockPersonality=yes
-MemoryDenyWriteExecute=yes
-OOMPolicy=continue
-PrivateDevices=yes
 PrivateTmp=true
-ProtectClock=yes
-ProtectControlGroups=yes
-ProtectHome=read-only
-ProtectHostname=yes
-ProtectKernelLogs=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-ProtectSystem=yes
-RestrictNamespaces=yes
-RestrictRealtime=yes
-RestrictSUIDSGID=yes
-SystemCallArchitectures=native
+OOMPolicy=continue
 
 [Install]
 WantedBy=multi-user.target
diff --git a/httpd.service.xml b/httpd.service.xml
index 3ddbc9e..7dfdb97 100644
--- a/httpd.service.xml
+++ b/httpd.service.xml
@@ -231,16 +231,7 @@ Wants=network-online.target</programlisting>
     <refsect2>
       <title>Process policies and restrictions</title>
 
-      <para>The <command>httpd.service</command> unit enables a
-      variety of sandboxing options. Many of these prevent the service
-      from changing the system configuration - such as
-      <emphasis>ProtectClock</emphasis> and
-      <emphasis>ProtectKernelModules</emphasis>. See
-      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-      and
-      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-      for more information on these options. Particular notice should
-      be taken of the following:
+      <para>The httpd service uses the following options:
 
       <itemizedlist>
         <listitem><para><emphasis>PrivateTmp</emphasis> is enabled by
@@ -256,14 +247,13 @@ Wants=network-online.target</programlisting>
         the policy to <emphasis>continue</emphasis>, httpd will
         continue to run (and recover) if a single child is terminated
         because of excess memory consumption.</para></listitem>
+      </itemizedlist>
 
-        <listitem><para><emphasis>ProtectHome</emphasis> is set to
-        <emphasis>read-only</emphasis> by default. CGI scripts run via
-        <emphasis>UserDir</emphasis> will not be able modify any
-        content in <filename>/home</filename> by
-        default.</para></listitem>
-      </itemizedlist></para>
-
+      See
+      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+      and
+      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+      for more information.</para>
     </refsect2>
 
     <refsect2>
diff --git a/httpd.spec b/httpd.spec
index 864c8b7..9498533 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -834,10 +834,6 @@ exit $rv
 * Thu Mar 28 2024 Joe Orton <jorton@redhat.com> - 2.4.58-8
 - rebuild to fix changelog ordering
 
-* Thu Mar 7 2024 Rahul Sundaram <sundaram@fedoraproject.org> - 2.4.58-7
-- Update Systemd security settings as part of https://fedoraproject.org/wiki/Changes/SystemdSecurityHardening
-- updated httpd.service(5) (Joe Orton)
-
 * Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.58-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff --git a/httpd@.service b/httpd@.service
index 8b20b90..84424fb 100644
--- a/httpd@.service
+++ b/httpd@.service
@@ -19,25 +19,8 @@ ExecReload=/usr/sbin/httpd $OPTIONS -k graceful -f conf/%i.conf
 # Send SIGWINCH for graceful stop
 KillSignal=SIGWINCH
 KillMode=mixed
-DevicePolicy=closed
-KeyringMode=private
-LockPersonality=yes
-MemoryDenyWriteExecute=yes
-OOMPolicy=continue
-PrivateDevices=yes
 PrivateTmp=true
-ProtectClock=yes
-ProtectControlGroups=yes
-ProtectHome=read-only
-ProtectHostname=yes
-ProtectKernelLogs=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-ProtectSystem=yes
-RestrictNamespaces=yes
-RestrictRealtime=yes
-RestrictSUIDSGID=yes
-SystemCallArchitectures=native
+OOMPolicy=continue
 
 [Install]
 WantedBy=multi-user.target
