diff --git a/config/_default/server.toml b/config/_default/server.toml
index 678004108..90b18ce4d 100644
--- a/config/_default/server.toml
+++ b/config/_default/server.toml
@@ -65,6 +65,7 @@ Content-Security-Policy = """
         https://d4twhgtvn0ff5.cloudfront.net/
         https://letsencrypt-merch.myshopify.com
     ;
+    frame-ancestors 'none';
 """
 
 [[headers]]
diff --git a/netlify.toml b/netlify.toml
index 5fd2da377..a5761d299 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -83,6 +83,7 @@ Content-Security-Policy = """
         https://www.paypal.com
         https://www.google-analytics.com
     ;
+    frame-ancestors 'none';
 """
 
 [[headers]]