diff --git a/hypha/settings/base.py b/hypha/settings/base.py
index 8bf20153b1130639136252599562dd145f03811f..f7e0b6442705d94ded5a7957c78703a62ddf2f27 100644
--- a/hypha/settings/base.py
+++ b/hypha/settings/base.py
@@ -208,6 +208,9 @@ WAGTAIL_CACHE_TIMEOUT = CACHE_CONTROL_MAX_AGE
 # Set feed cache timeout (automatic cache refresh).
 FEED_CACHE_TIMEOUT = 600
 
+# Set X-Frame-Options header for every outgoing HttpResponse
+X_FRAME_OPTIONS = 'SAMEORIGIN'
+
 if env.str('REDIS_URL', None):
     CACHES = {
         'default': {
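Review bot: The comment above the added `X_FRAME_OPTIONS = 'SAMEORIGIN'` promises more than the setting delivers. The header is only sent when `django.middleware.clickjacking.XFrameOptionsMiddleware` is listed in `MIDDLEWARE`, which this hunk does not show, and the middleware skips responses that already carry the header or come from views marked `xframe_options_exempt`. On Django 3.0 and later the built-in default is `'DENY'`, so if the project runs such a version this line loosens the policy to allow same-origin framing rather than tightening it. I would confirm the middleware is enabled and reword the comment to record the reason, for example `# Sent by XFrameOptionsMiddleware (must be in MIDDLEWARE); SAMEORIGIN instead of DENY because <reason same-origin framing is needed>`.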