diff --git a/src/lib/services/project-service.ts b/src/lib/services/project-service.ts
index eea32c3085..544c9714da 100644
--- a/src/lib/services/project-service.ts
+++ b/src/lib/services/project-service.ts
@@ -190,10 +190,10 @@ export default class ProjectService {
 );
 }
- if (role.name === RoleName.ADMIN) {
+ if (role.name === RoleName.OWNER) {
 const users = await this.accessService.getUsersForRole(role.id);
 if (users.length < 2) {
- throw new Error('A project must have at least one admin');
+ throw new Error('A project must have at least one owner');
 }
 }
diff --git a/src/server-dev.ts b/src/server-dev.ts
index 29d1ed870c..66406289f6 100644
--- a/src/server-dev.ts
+++ b/src/server-dev.ts
@@ -23,5 +23,6 @@ unleash.start(
 versionCheck: {
 enable: false,
 },
+ secureHeaders: true,
 }),
 );
diff --git a/src/test/e2e/services/project-service.e2e.test.js b/src/test/e2e/services/project-service.e2e.test.js
index 3a21983518..542bab6745 100644
--- a/src/test/e2e/services/project-service.e2e.test.js
+++ b/src/test/e2e/services/project-service.e2e.test.js
@@ -377,3 +377,25 @@ test.serial('should remove user from the project', async t => {
 t.is(memberUsers.length, 0);
 });
+
+test.serial('should not remove user from the project', async t => {
+ const project = {
+ id: 'remove-users-not-allowed',
+ name: 'New project',
+ description: 'Blah',
+ };
+ await projectService.createProject(project, user);
+
+ const roles = await stores.accessStore.getRolesForProject(project.id);
+ const ownerRole = roles.find(r => r.name === RoleName.OWNER);
+
+ await t.throwsAsync(
+ async () => {
+ await projectService.removeUser(project.id, ownerRole.id, user.id);
+ },
+ {
+ instanceOf: Error,
+ message: 'A project must have at least one owner',
+ },
+ );
+});
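Review bot: The last-owner guard in the `if (role.name === RoleName.OWNER)` branch is a check-then-act. It reads the owner count with `getUsersForRole(role.id)`, while the removal itself happens later, outside this hunk, so two concurrent removal requests on a project with two owners could presumably both pass `users.length < 2` and leave it with none. If the store allows it, the count and the delete should run in one transaction, or the count should be re-checked after the delete. At minimum a comment such as `// NOTE: count and removal are not atomic; concurrent removals can bypass this guard` would record the gap. The guard also throws a plain `Error`, which callers cannot tell apart from an unexpected failure; the enclosing method starts and ends outside the hunk.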
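Review bot: `secureHeaders: true` is added to the dev start-up options without a comment, and it is unrelated to the owner-role change in the rest of this commit, so a reader cannot tell why the dev server's behaviour now differs. A line above it such as `// enable security response headers in dev so header/CSP breakage shows up locally` would document the intent. This hunk only touches `src/server-dev.ts`; whether the non-dev configuration also has the option on is not visible here and is worth confirming. The `unleash.start(` call begins outside the hunk.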
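Review bot: The new test asserts only that `removeUser` rejects; it never checks that the owner is still assigned afterwards, so an implementation that removed the user and then threw would still pass. After `t.throwsAsync`, re-read the owner role's users the way the preceding test obtains `memberUsers` and assert the count, e.g. `t.is(ownerUsers.length, 1);`. The title would be clearer as `'should not remove the last owner from the project'`, and a companion case with two owners would cover the path where removal is allowed.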