diff --git a/php/libraries/NDB_Client.class.inc b/php/libraries/NDB_Client.class.inc
index 621ec496408..334e02a02b8 100644
--- a/php/libraries/NDB_Client.class.inc
+++ b/php/libraries/NDB_Client.class.inc
@@ -129,6 +129,8 @@ class NDB_Client
             . "script-src 'self' 'unsafe-inline' 'unsafe-eval' $CaptchaDomains; "
             . "font-src 'self' data:; "
             . "img-src 'self' data:; "
+            . "frame-ancestors 'none'; "
+            . "form-action 'self'; "
             . $config_additions
         );
         // start php session