diff --git a/server/server.go b/server/server.go
index b3e697d119e7d5..f60135355c1470 100644
--- a/server/server.go
+++ b/server/server.go
@@ -93,6 +93,11 @@ func NewServer(logger *zap.Logger, version string, host string, port int, fronte
 	e.HideBanner = true
 	e.HidePort = true
 
+	// Disallow to be embeded in an iframe
+	e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
+		XFrameOptions: "DENY",
+	}))
+
 	embedFrontend(logger, e)
 
 	s := &Server{