diff --git a/backend/Services/Security/Security.php b/backend/Services/Security/Security.php
index b264d4f..14b2354 100644
--- a/backend/Services/Security/Security.php
+++ b/backend/Services/Security/Security.php
@@ -89,5 +89,11 @@ class Security implements Service
             die;
         }
     }
+
+
+        if (empty($config['allow_insecure_overlays']) || !$config['allow_insecure_overlays']) {
+            $this->response->headers->set('X-Frame-Options', 'sameorigin');
+            $this->response->headers->set('Content-Security-Policy', 'frame-ancestors \'self\'');
+        }
     }
 }
diff --git a/configuration_sample.php b/configuration_sample.php
index a3f902d..24b78aa 100644
--- a/configuration_sample.php
+++ b/configuration_sample.php
@@ -72,6 +72,7 @@ return [
         'csrf_key' => "123456", // randomize this
         'ip_allowlist' => [],
         'ip_denylist' => [],
+        'allow_insecure_overlays' => false,
     ],
 ],
 'Filegator\Services\View\ViewInterface' => [
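Review bot: The guard `if (empty($config['allow_insecure_overlays']) || !$config['allow_insecure_overlays'])` is redundant — `empty()` is already true for an unset, null or false value, so the second operand can never change the outcome; `if (empty($config['allow_insecure_overlays'])) {` says the same thing, and the two bare `+` blank lines above it should be dropped. On the security side the switch is all-or-nothing: setting it to true removes both `X-Frame-Options` and the `frame-ancestors` directive, leaving the app frameable by any origin, whereas an embedding use case usually needs only one or a few trusted origins, which `frame-ancestors` can express (e.g. `'self' https://portal.example.com`) without giving up clickjacking protection against everyone else. Note also that `headers->set('Content-Security-Policy', …)` replaces any CSP value already on the response, so if another directive is ever added the two will have to be merged into one header rather than set separately. The method this code sits in begins outside the hunk and `$config` is defined there, so where the option is read from cannot be confirmed here.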
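Review bot: The new `'allow_insecure_overlays' => false,` key carries no explanation, unlike the neighbouring `csrf_key` line, and the name does not say what becomes insecure when it is flipped. A trailing comment such as `'allow_insecure_overlays' => false, // true drops the X-Frame-Options / CSP frame-ancestors headers so the app can be embedded in iframes from other sites (clickjacking risk)` would tell an operator what they are trading off. The enclosing configuration array starts outside the hunk.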