diff --git a/include/class.config.php b/include/class.config.php
index 0f046d345ec939b647f68242be329730832b4267..116c5253e63d67282463600c7bec0808980ba676 100644
--- a/include/class.config.php
+++ b/include/class.config.php
@@ -430,7 +430,7 @@ class OsticketConfig extends Config {
     }
 
     function getAllowIframes() {
-        return str_replace(array(', ', ','), array(' ', ' '), $this->get('allow_iframes')) ?: 'self';
+        return str_replace(array(', ', ','), array(' ', ' '), $this->get('allow_iframes')) ?: "'self'";
     }
 
     function isAvatarsEnabled() {
diff --git a/include/client/header.inc.php b/include/client/header.inc.php
index 8c248b158d2631a577b1bbe4835961fd26228893..e26d4b503c3cefeba400226a6319b4c9e81a3fe6 100644
--- a/include/client/header.inc.php
+++ b/include/client/header.inc.php
@@ -6,7 +6,7 @@ $signin_url = ROOT_PATH . "login.php"
 $signout_url = ROOT_PATH . "logout.php?auth=".$ost->getLinkToken();
 
 header("Content-Type: text/html; charset=UTF-8");
-header("Content-Security-Policy: frame-ancestors '".$cfg->getAllowIframes()."';");
+header("Content-Security-Policy: frame-ancestors ".$cfg->getAllowIframes().";");
 if (($lang = Internationalization::getCurrentLanguage())) {
     $langs = array_unique(array($lang, $cfg->getPrimaryLanguage()));
     $langs = Internationalization::rfc1766($langs);
diff --git a/include/staff/header.inc.php b/include/staff/header.inc.php
index 4de7ccd8fadec4164008912e31e336aba89988ba..a5be849941b5240e85df268e96577138a57026f6 100644
--- a/include/staff/header.inc.php
+++ b/include/staff/header.inc.php
@@ -1,6 +1,6 @@
 <?php
 header("Content-Type: text/html; charset=UTF-8");
-header("Content-Security-Policy: frame-ancestors '".$cfg->getAllowIframes()."';");
+header("Content-Security-Policy: frame-ancestors ".$cfg->getAllowIframes().";");
 
 $title = ($ost && ($title=$ost->getPageTitle()))
     ? $title : ('osTicket :: '.__('Staff Control Panel'));
diff --git a/include/staff/login.header.php b/include/staff/login.header.php
index e1b1b3a5a242a32e50690713beda7615eae3a039..2f24f3a17a8ab4f4eb1c3249922d815295cebb8b 100644
--- a/include/staff/login.header.php
+++ b/include/staff/login.header.php
@@ -1,6 +1,6 @@
 <?php
 defined('OSTSCPINC') or die('Invalid path');
-header("Content-Security-Policy: frame-ancestors '".$cfg->getAllowIframes()."';");
+header("Content-Security-Policy: frame-ancestors ".$cfg->getAllowIframes().";");
 ?>
 <!DOCTYPE html>
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
diff --git a/setup/inc/header.inc.php b/setup/inc/header.inc.php
index 900c143fad2eb91791933b0567fddf63cf03d746..fcb69d3ffa5ea9b21d14323c10d11953cb1b36d2 100644
--- a/setup/inc/header.inc.php
+++ b/setup/inc/header.inc.php
@@ -1,6 +1,6 @@
 <?php
 if ($cfg)
-    header("Content-Security-Policy: frame-ancestors '".$cfg->getAllowIframes()."';");
+    header("Content-Security-Policy: frame-ancestors ".$cfg->getAllowIframes().";");
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
     "http://www.w3.org/TR/html4/loose.dtd">