diff --git a/SciPost_v1/settings/base.py b/SciPost_v1/settings/base.py
index 85bb2f767f323bfe626f7aa5563a64c0be21daee..e992f9aa6fd5ee8512ac03fcd50629baede7db95 100644
--- a/SciPost_v1/settings/base.py
+++ b/SciPost_v1/settings/base.py
@@ -192,6 +192,7 @@ SECURE_HSTS_SECONDS = 60
 SECURE_HSTS_INCLUDE_SUBDOMAINS = True
 SECURE_HSTS_PRELOAD = True
 SECURE_CONTENT_TYPE_NOSNIFF = True
+X_FRAME_OPTIONS = 'DENY'
 
 ROOT_URLCONF = 'SciPost_v1.urls'