diff --git a/src/Foundation.hs b/src/Foundation.hs
index be0eb18..1ba1880 100644
--- a/src/Foundation.hs
+++ b/src/Foundation.hs
@@ -67,14 +67,14 @@ instance Yesod App where
 else id
 yesodMiddleware :: HandlerFor App res -> HandlerFor App res
- yesodMiddleware = maybeSSLOnly . defaultYesodMiddleware . defaultCsrfMiddleware
+ yesodMiddleware = customMiddleware . defaultYesodMiddleware . defaultCsrfMiddleware
 where
- maybeSSLOnly handler = do
+ customMiddleware handler = do
+ addHeader "X-Frame-Options" "DENY"
 yesod <- getYesod
 (if appSSLOnly (appSettings yesod)
 then sslOnlyMiddleware session_timeout_minutes
- else id)
- handler
+ else id) handler
 defaultLayout widget = do
 req <- getRequest
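Review bot: The added `addHeader "X-Frame-Options" "DENY"` in `customMiddleware` restricts framing only through the legacy header. Browsers that implement CSP use the `frame-ancestors` directive in preference to it, so consider sending `addHeader "Content-Security-Policy" "frame-ancestors 'none'"` alongside, folded into the existing policy if the app sets one elsewhere (not visible in this hunk). Because the header is set from `yesodMiddleware`, it presumably reaches only responses produced through this handler chain, so it is worth confirming that error pages and anything served outside it (for example at the WAI layer) carry it too. A short comment above the call, such as `-- Forbid framing of every handler response (clickjacking defence)`, would record why this middleware is no longer only about SSL. The `instance Yesod App` body starts and continues outside the hunk.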