diff --git a/src/webserver.js b/src/webserver.js
index b660f34372..bf038bc34e 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -125,6 +125,10 @@ var express = require('express'),
 app.use(function (req, res, next) {
 nconf.set('https', req.secure);
 res.locals.csrf_token = req.session._csrf;
+
+ // Disable framing
+ res.setHeader("X-Frame-Options", "DENY");
+
 next();
 });
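Review bot: `X-Frame-Options: DENY` on the new setHeader line also blocks the site from framing its own pages (same-origin embeds, previews, widgets), so if any such embedding exists `SAMEORIGIN` is the intended value; if none does, DENY is the stronger choice and should stay. Browsers that support CSP's `frame-ancestors` directive give it precedence over X-Frame-Options, so pairing the header with `res.setHeader("Content-Security-Policy", "frame-ancestors 'none'");` keeps the clickjacking protection consistent across older and newer user agents. Because this middleware is registered after session handling, responses produced by anything mounted earlier (static assets, for instance) presumably do not receive the header — worth confirming it reaches every HTML response, or moving it into a middleware registered ahead of them. The `app.use` callback is visible in full, but the surrounding registration code continues outside the hunk.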