diff --git a/etc/nginx/sites-enabled/host b/etc/nginx/sites-enabled/host
index 1219cc81..e9dafaf7 100644
--- a/etc/nginx/sites-enabled/host
+++ b/etc/nginx/sites-enabled/host
@@ -32,6 +32,7 @@ server {
 # Enable this if your want HSTS (recommended)
 add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
+ add_header X-Frame-Options SAMEORIGIN;
 # OCSP Stapling ---
 # fetch OCSP records from URL in ssl_certificate and cache them
diff --git a/etc/nginx/sites-enabled/rproxy b/etc/nginx/sites-enabled/rproxy
index 108a4097..988b9a2e 100644
--- a/etc/nginx/sites-enabled/rproxy
+++ b/etc/nginx/sites-enabled/rproxy
@@ -6,6 +6,7 @@ server {
 # Enable this if your want HSTS (recommended)
 add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
+ add_header X-Frame-Options SAMEORIGIN;
 server_name something.example.org;
diff --git a/etc/nginx/sites-enabled/vhost b/etc/nginx/sites-enabled/vhost
index 76b4bdcd..c7c09cb2 100644
--- a/etc/nginx/sites-enabled/vhost
+++ b/etc/nginx/sites-enabled/vhost
@@ -8,6 +8,7 @@ server {
 # Enable this if your want HSTS (recommended)
 add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
+ add_header X-Frame-Options SAMEORIGIN;
 root /var/www/vhostdir;
 index index.php index.html index.htm;
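Review bot: The new `add_header X-Frame-Options SAMEORIGIN;` in etc/nginx/sites-enabled/host is only attached to nginx's default set of success and redirect status codes, so error responses such as 404 or 500 are still served without it and stay frameable. Use `add_header X-Frame-Options SAMEORIGIN always;` here and on the identical lines added to sites-enabled/rproxy and sites-enabled/vhost. nginx inherits `add_header` from the server level only when a `location` defines none of its own, so any location that sets a header would drop both this one and HSTS; the server blocks continue outside the hunks, so this needs checking against the full files. Since current browsers prefer the CSP equivalent, consider also adding `add_header Content-Security-Policy "frame-ancestors 'self'" always;` alongside it.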
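Review bot: In etc/nginx/sites-enabled/rproxy the header is set at the server level of what looks like a reverse-proxy vhost, so if the upstream application already sends its own X-Frame-Options the client receives two copies, and browsers handle conflicting values inconsistently. If the proxy's value is meant to be authoritative, pair the added line with `proxy_hide_header X-Frame-Options;` in the proxied location. The proxy_pass configuration is outside this hunk, so whether the backend sets the header could not be confirmed from here.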