diff --git a/onadata/settings/common.py b/onadata/settings/common.py
index 887e6c4ef3..5c0a399543 100644
--- a/onadata/settings/common.py
+++ b/onadata/settings/common.py
@@ -169,8 +169,11 @@
     'django.contrib.messages.middleware.MessageMiddleware',
     'onadata.libs.utils.middleware.HTTPResponseNotAllowedMiddleware',
     'onadata.libs.utils.middleware.OperationalErrorMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
 )
 
+X_FRAME_OPTIONS = 'DENY'
+
 LOCALE_PATHS = (os.path.join(PROJECT_ROOT, 'onadata.apps.main', 'locale'), )
 
 ROOT_URLCONF = 'onadata.apps.main.urls'