diff --git a/ssl-params.conf b/ssl-params.conf
index 42e50b26..6383aa4e 100644
--- a/ssl-params.conf
+++ b/ssl-params.conf
@@ -15,7 +15,7 @@ resolver_timeout 5s;
 # the "preload" directive if you understand the implications.
 #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
 add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
-add_header X-Frame-Options DENY;
+add_header X-Frame-Options SAMEORIGIN;
 add_header X-Content-Type-Options nosniff;
 ssl_dhparam /etc/ssl/certs/dhparam.pem;
\ No newline at end of file
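Review bot: The new `add_header X-Frame-Options SAMEORIGIN;` line relaxes the clickjacking policy from DENY with no comment recording which same-origin page needs to frame the site, so a later reader cannot tell whether the relaxation is still required. I would put a comment above it along the lines of `# SAMEORIGIN (not DENY): <page that embeds this site in an iframe> needs same-origin framing`, with the placeholder filled in by the author. Separately, this `add_header` line has no `always` parameter, so nginx sends the header only on a fixed set of success and redirect status codes and omits it on error responses; `add_header X-Frame-Options SAMEORIGIN always;` would cover those too. Because nginx inherits `add_header` from an outer level only when the inner level defines none, it is worth confirming that no `server` or `location` block including this file adds headers of its own, since that would silently drop this one.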