diff --git a/Pipfile b/Pipfile
index addd84b6..951ea9bf 100644
--- a/Pipfile
+++ b/Pipfile
@@ -17,7 +17,6 @@ shortuuid = "*"
 quart = "*"
 quart-cors = "*"
 quart-compress = "*"
-secure = "*"
 typing-extensions = "*"
 httpx = "*"
 quart-trio = "*"
diff --git a/lnbits/app.py b/lnbits/app.py
index 35852cd9..fe86e730 100644
--- a/lnbits/app.py
+++ b/lnbits/app.py
@@ -7,7 +7,6 @@ from quart import g
 from quart_trio import QuartTrio
 from quart_cors import cors  # type: ignore
 from quart_compress import Compress  # type: ignore
-from secure import SecureHeaders  # type: ignore
 
 from .commands import db_migrate, handle_assets
 from .core import core_app
@@ -27,8 +26,6 @@ from .tasks import (
 )
 from .settings import WALLET
 
-secure_headers = SecureHeaders(hsts=False, xfo=False)
-
 
 def create_app(config_object="lnbits.settings") -> QuartTrio:
     """Create application factory.
@@ -46,7 +43,6 @@ def create_app(config_object="lnbits.settings") -> QuartTrio:
     register_blueprints(app)
     register_filters(app)
     register_commands(app)
-    register_request_hooks(app)
     register_async_tasks(app)
     register_exception_handlers(app)
 
@@ -112,15 +108,6 @@ def register_filters(app: QuartTrio):
     app.jinja_env.globals["EXTENSIONS"] = get_valid_extensions()
 
 
-def register_request_hooks(app: QuartTrio):
-    """Open the core db for each request so everything happens in a big transaction"""
-
-    @app.after_request
-    async def set_secure_headers(response):
-        secure_headers.quart(response)
-        return response
-
-
 def register_async_tasks(app):
     @app.route("/wallet/webhook", methods=["GET", "POST", "PUT", "PATCH", "DELETE"])
     async def webhook_listener():
diff --git a/lnbits/core/views/public_api.py b/lnbits/core/views/public_api.py
index d25d7852..167352ac 100644
--- a/lnbits/core/views/public_api.py
+++ b/lnbits/core/views/public_api.py
@@ -32,6 +32,24 @@ async def api_public_payment_longpolling(payment_hash):
     print("adding standalone invoice listener", payment_hash, send_payment)
     api_invoice_listeners.append(send_payment)
 
-    async for payment in receive_payment:
-        if payment.payment_hash == payment_hash:
-            return jsonify({"status": "paid"}), HTTPStatus.OK
+    response = None
+
+    async def payment_info_receiver(cancel_scope):
+        async for payment in receive_payment:
+            if payment.payment_hash == payment_hash:
+                nonlocal response
+                response = (jsonify({"status": "paid"}), HTTPStatus.OK)
+                cancel_scope.cancel()
+
+    async def timeouter(cancel_scope):
+        await trio.sleep(45)
+        cancel_scope.cancel()
+
+    async with trio.open_nursery() as nursery:
+        nursery.start_soon(payment_info_receiver, nursery.cancel_scope)
+        nursery.start_soon(timeouter, nursery.cancel_scope)
+
+    if response:
+        return response
+    else:
+        return jsonify({"message": "timeout"}), HTTPStatus.REQUEST_TIMEOUT
diff --git a/requirements.txt b/requirements.txt
index 703fbbd1..5e10e7cd 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -37,7 +37,6 @@ quart-cors==0.4.0
 quart-trio==0.7.0
 represent==1.6.0.post0
 rfc3986==1.4.0
-secure==0.2.1
 shortuuid==1.0.1
 six==1.15.0
 sniffio==1.2.0