diff --git a/htdocs/install/inc.php b/htdocs/install/inc.php
index 27a3fc01abd..6ca9a99cdcf 100644
--- a/htdocs/install/inc.php
+++ b/htdocs/install/inc.php
@@ -419,6 +419,7 @@ function pHeader($subtitle, $next, $action = 'set', $param = '', $forcejqueryurl
 // We force the content charset
 header("Content-type: text/html; charset=".$conf->file->character_set_client);
 header("X-Content-Type-Options: nosniff");
+ header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
 print ''."\n";
 print ''."\n";
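Review bot: The trailing comment on the added `header("X-Frame-Options: SAMEORIGIN");` line credits the header with stopping XSS, but it only restricts which origins may embed the page in a frame, so the threat it addresses is clickjacking (UI redressing), not script injection. I would reword it to `// Page may only be framed by the same origin (clickjacking protection)`, which also corrects "domain" to "origin", since the check covers scheme, host and port. If the installer is never meant to be framed at all, `DENY` would be the tighter value, though the hunk does not show whether any same-origin page embeds it. Sending `Content-Security-Policy: frame-ancestors 'self'` alongside would cover browsers that give the CSP directive precedence. pHeader's body starts and continues outside the hunk, so any header already set elsewhere in the function is not visible here.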