diff --git a/app/templates/layout/default.php b/app/templates/layout/default.php
index 4a8d32808..b46685aad 100644
--- a/app/templates/layout/default.php
+++ b/app/templates/layout/default.php
@@ -31,6 +31,7 @@
 header("Expires: Thursday, 10-Jan-69 00:00:00 GMT");
 header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");
 header("Pragma: no-cache");
+header("Content-Security-Policy: frame-ancestors 'self'");
 
 // Add X-UA-Compatible header for IE
 if(isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false)) {
diff --git a/app/templates/layout/error.php b/app/templates/layout/error.php
index d67e68fb1..9aadeae3a 100644
--- a/app/templates/layout/error.php
+++ b/app/templates/layout/error.php
@@ -31,6 +31,7 @@
 header("Expires: Thursday, 10-Jan-69 00:00:00 GMT");
 header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");
 header("Pragma: no-cache");
+header("Content-Security-Policy: frame-ancestors 'self'");
 
 // Add X-UA-Compatible header for IE
 if(isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false)) {
diff --git a/app/templates/layout/iframe.php b/app/templates/layout/iframe.php
index 49155c267..8dcf36fbc 100644
--- a/app/templates/layout/iframe.php
+++ b/app/templates/layout/iframe.php
@@ -31,6 +31,7 @@
 header("Expires: Thursday, 10-Jan-69 00:00:00 GMT");
 header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");
 header("Pragma: no-cache");
+header("Content-Security-Policy: frame-ancestors 'self'");
 
 // Add X-UA-Compatible header for IE
 if(isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false)) {