diff --git a/include/client/header.inc.php b/include/client/header.inc.php
index 2e93d012db87de7f2fa984e12b6110dcef13be4b..a95bb080af72ab1bb87eef08db131e2f0bc32cd9 100644
--- a/include/client/header.inc.php
+++ b/include/client/header.inc.php
@@ -6,6 +6,7 @@ $signin_url = ROOT_PATH . "login.php"
 $signout_url = ROOT_PATH . "logout.php?auth=".$ost->getLinkToken();
 
 header("Content-Type: text/html; charset=UTF-8");
+header("X-Frame-Options: SAMEORIGIN");
 if (($lang = Internationalization::getCurrentLanguage())) {
     $langs = array_unique(array($lang, $cfg->getPrimaryLanguage()));
     $langs = Internationalization::rfc1766($langs);
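Review bot: The added `header("X-Frame-Options: SAMEORIGIN");` sets only the legacy framing header, while current browsers take their framing policy from the CSP `frame-ancestors` directive. I would send `header("Content-Security-Policy: frame-ancestors 'self'");` alongside it, or fold the directive into an existing policy if the application emits one elsewhere. The same line is repeated in the hunks for include/staff/header.inc.php, include/staff/login.header.php and setup/inc/header.inc.php, so any HTML response that does not pass through one of these four templates gets no framing protection. Setting the header once in a shared bootstrap or helper would close that gap and keep the policy in one place. The surrounding script continues outside this hunk, so other entry points could not be checked from here.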
diff --git a/include/staff/header.inc.php b/include/staff/header.inc.php
index b89c16ab49c93c57bfa790a1d2153cf1a77b2e6b..3f80ac1e0e46ad8704e0c80dd024ed77bca967d2 100644
--- a/include/staff/header.inc.php
+++ b/include/staff/header.inc.php
@@ -1,5 +1,6 @@
 <?php
 header("Content-Type: text/html; charset=UTF-8");
+header("X-Frame-Options: SAMEORIGIN");
 
 $title = ($ost && ($title=$ost->getPageTitle()))
     ? $title : ('osTicket :: '.__('Staff Control Panel'));
diff --git a/include/staff/login.header.php b/include/staff/login.header.php
index 4460229c1acb8c2814128e343c9d0e861048abcc..abe9d46f0b53b4894910778ffc3bb897f820317f 100644
--- a/include/staff/login.header.php
+++ b/include/staff/login.header.php
@@ -1,5 +1,6 @@
 <?php
 defined('OSTSCPINC') or die('Invalid path');
+header("X-Frame-Options: SAMEORIGIN");
 ?>
 <!DOCTYPE html>
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
diff --git a/setup/inc/header.inc.php b/setup/inc/header.inc.php
index 4d59e4076b9f5ed93d2428b02f683048d607e58e..57ceade2e12bad159d811881d8f8eea2022c22f7 100644
--- a/setup/inc/header.inc.php
+++ b/setup/inc/header.inc.php
@@ -1,3 +1,4 @@
+<?php header("X-Frame-Options: SAMEORIGIN"); ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
     "http://www.w3.org/TR/html4/loose.dtd">
 <html <?php
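Review bot: The `header()` call on the new first line only takes effect if nothing has been written to the response before this template is included. If output has already started, PHP raises a "headers already sent" warning and the page is served without the framing header. The scripts that include this file are outside the hunk, so this cannot be confirmed from here. It is worth checking that each setup entry point reaches the include with no prior output, or moving the call into the setup bootstrap ahead of any rendering. A comment such as `// must run before any output; sets the anti-framing header for installer pages` would document the ordering requirement.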