diff --git a/html/class_passwordRecovery.inc b/html/class_passwordRecovery.inc
index 98383176e67d0258119f6340be4fa2051e923597..23e716fcd090024a937a946513cef9944b04f0f0 100644
--- a/html/class_passwordRecovery.inc
+++ b/html/class_passwordRecovery.inc
@@ -104,6 +104,8 @@ class standAlonePage {
       load_plist();
 
       $ssl = $this->checkForSSL();
+
+      static::securityHeaders();
     }
   }
 
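Review bot: The new `static::securityHeaders();` call sits inside the inner block that closes on the following line, so as far as the visible braces show, the headers are sent only when that branch runs. The start of the method and of that block is outside the hunk, so please confirm that no path renders a page without entering it. The call also comes after `load_plist()` and `checkForSSL()`; if either can produce output or issue a redirect, `header()` will be too late or will be skipped for that response. Making `static::securityHeaders();` the first statement of the method would remove both doubts.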
@@ -221,6 +223,13 @@ class standAlonePage {
     return preg_replace('/^&/', '?', $params);
   }
 
+  static function securityHeaders()
+  {
+    header('X-XSS-Protection: 1; mode=block');
+    header('X-Content-Type-Options: nosniff');
+    header('X-Frame-Options: deny');
+  }
+
   static function generateRandomHash()
   {
     /* Generate a very long random value */
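Review bot: `securityHeaders()` is added with no visibility keyword and no docblock, although it is now the one place that defines the anti-framing and MIME-sniffing policy for the stand-alone pages. I would declare it `public static function securityHeaders()` and add a short docblock saying that it must run before any output and which pages rely on it. On the policy itself, `X-Frame-Options: deny` is the legacy control; current browsers give precedence to the CSP `frame-ancestors` directive, so consider also sending `header("Content-Security-Policy: frame-ancestors 'none'");`, after checking that no later `header()` call replaces a CSP set elsewhere. `X-XSS-Protection` is ignored by current browsers, so it should not be counted as an XSS defence for these password-recovery pages. The context lines at the end of the hunk belong to `generateRandomHash()`, whose body continues outside it.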
diff --git a/html/index.php b/html/index.php
index 700101cc3a303ab18f090607912bac8413ad3d95..4f1e1cc4259a59189e54b0424b877c8e89f9c009 100644
--- a/html/index.php
+++ b/html/index.php
@@ -29,6 +29,7 @@ require_once ("class_logging.inc");
 header('Content-type: text/html; charset=UTF-8');
 header('X-XSS-Protection: 1; mode=block');
 header('X-Content-Type-Options: nosniff');
+header('X-Frame-Options: deny');
 
 /*****************************************************************************
  *                               M   A   I   N                               *
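Review bot: The added `header('X-Frame-Options: deny');` is the same literal that this commit also adds to html/main.php, html/setup.php and `standAlonePage::securityHeaders()`, so the header set is now maintained in four places. The next header change has to be repeated in each of them, and any entry point that is missed silently keeps the weaker policy. If the class file can be loaded at this point (not visible in the hunk), replacing the three `header()` lines with `standAlonePage::securityHeaders();` would keep them in step. Otherwise a small shared include called from all four sites would do the same job.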
diff --git a/html/main.php b/html/main.php
index 55518a066d99e4ff7dde5fd5337e284d6e8fd5cb..25a8248005a8c949849e9f78831e2825cad7c775 100644
--- a/html/main.php
+++ b/html/main.php
@@ -31,6 +31,7 @@ require_once ("variables.inc");
 header('Content-type: text/html; charset=UTF-8');
 header('X-XSS-Protection: 1; mode=block');
 header('X-Content-Type-Options: nosniff');
+header('X-Frame-Options: deny');
 
 /* Set the text domain as 'fusiondirectory' */
 $domain = 'fusiondirectory';
diff --git a/html/setup.php b/html/setup.php
index 292e5f555fafd6821e9b430b5a48671c207d182c..2319bcb7e7c440e264474014a110d84b521019f1 100644
--- a/html/setup.php
+++ b/html/setup.php
@@ -39,6 +39,7 @@ require_once("../setup/class_setupStepFinish.inc");
 header('Content-type: text/html; charset=UTF-8');
 header('X-XSS-Protection: 1; mode=block');
 header('X-Content-Type-Options: nosniff');
+header('X-Frame-Options: deny');
 
 /* Set cookie lifetime to one day (The parameter is in seconds ) */
 session_set_cookie_params(24 * 60 * 60);