diff --git a/server/src/index.js b/server/src/index.js
index e6ef1b9..ba1cd38 100644
--- a/server/src/index.js
+++ b/server/src/index.js
@@ -47,7 +47,7 @@ app.use(express.json());
 // Security headers
 app.use((req, res, next) => {
 res.setHeader('X-Content-Type-Options', 'nosniff');
- res.setHeader('X-Frame-Options', 'DENY');
+ res.setHeader('X-Frame-Options', 'SAMEORIGIN');
 res.setHeader('X-XSS-Protection', '1; mode=block');
 res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
 next();
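Review bot: The new `X-Frame-Options: SAMEORIGIN` value on the changed line relaxes clickjacking protection from "no framing at all" to "same-origin framing allowed", and nothing in the hunk records why. If a same-origin embed is the reason, state it in a comment above the line, e.g. `// SAMEORIGIN: <feature> is rendered in a same-origin iframe; cross-origin framing stays blocked`. X-Frame-Options is also the legacy control, and browsers that support CSP give `frame-ancestors` precedence, so consider pairing it with `res.setHeader('Content-Security-Policy', "frame-ancestors 'self'");`, or adding that directive to the existing policy if a CSP is already set elsewhere (not visible here). The middleware body continues past the end of the hunk.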