diff --git a/assets/drupal-ssl.nginxconf b/assets/drupal-ssl.nginxconf
index adb8297..9097a82 100644
--- a/assets/drupal-ssl.nginxconf
+++ b/assets/drupal-ssl.nginxconf
@@ -136,5 +136,5 @@ server {
   }
 
   # website should not be displayed inside a <frame>, an <iframe> or an <object>
-  add_header X-Frame-Options DENY;
+  add_header X-Frame-Options SAMEORIGIN;
 }
diff --git a/assets/drupal.nginxconf b/assets/drupal.nginxconf
index 72d182d..b3f5bc1 100644
--- a/assets/drupal.nginxconf
+++ b/assets/drupal.nginxconf
@@ -110,4 +110,8 @@ server {
       expires max;
       log_not_found off;
     }
+
+
+    # website should not be displayed inside a <frame>, an <iframe> or an <object>
+    add_header X-Frame-Options SAMEORIGIN;
 }
diff --git a/assets/simple-phpfpm-ssl.nginxconf b/assets/simple-phpfpm-ssl.nginxconf
index e4bd9cf..7d19fa5 100644
--- a/assets/simple-phpfpm-ssl.nginxconf
+++ b/assets/simple-phpfpm-ssl.nginxconf
@@ -59,4 +59,7 @@ server {
   location ~ /\.ht {
     deny all;
   }
+
+  # website should not be displayed inside a <frame>, an <iframe> or an <object>
+  add_header X-Frame-Options SAMEORIGIN;
 }
diff --git a/assets/simple-phpfpm.nginxconf b/assets/simple-phpfpm.nginxconf
index 4cd2d71..1bb09c0 100644
--- a/assets/simple-phpfpm.nginxconf
+++ b/assets/simple-phpfpm.nginxconf
@@ -35,4 +35,7 @@ server {
   location ~ /\.ht {
     deny all;
   }
+
+  # website should not be displayed inside a <frame>, an <iframe> or an <object>
+  add_header X-Frame-Options SAMEORIGIN;
 }