diff --git a/sources/application/TwigBase/Controller/Controller.php b/sources/application/TwigBase/Controller/Controller.php
index 7ff7eb49d..0a1309916 100644
--- a/sources/application/TwigBase/Controller/Controller.php
+++ b/sources/application/TwigBase/Controller/Controller.php
@@ -558,6 +558,7 @@ abstract class Controller
 		{
 			case 'html':
 				$this->m_oPage = new iTopWebPage($this->GetOperationTitle());
+				$this->m_oPage->add_header('X-Frame-Options: deny');
 				break;
 
 			case 'ajax':