diff --git a/.htaccess b/.htaccess index 78766692fe..22cbcce713 100755 --- a/.htaccess +++ b/.htaccess @@ -1,19 +1,22 @@ # redirect to public page - - RewriteEngine On - RewriteCond %{REQUEST_URI} !^public$ - RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC] - RewriteRule "^(.*)$" "/public/" [R=301,L] - + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^public$ + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC] + RewriteRule "^(.*)$" "/public/" [R=301,L] + # disable directory browsing # For security reasons, Option all cannot be overridden. Options +SymLinksIfOwnerMatch -Indexes -Header always set X-Frame-Options SAMEORIGIN # prevent folder listing IndexIgnore * + + Header always set X-Frame-Options "SAMEORIGIN" + + # Apache 2.4 # secure htaccess file diff --git a/Dockerfile b/Dockerfile index ebef9c6903..aa3118aa58 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ openssl -RUN a2enmod rewrite +RUN a2enmod rewrite headers RUN docker-php-ext-install mysqli bcmath intl gd RUN echo "date.timezone = \"\${PHP_TIMEZONE}\"" > /usr/local/etc/php/conf.d/timezone.ini diff --git a/public/.htaccess b/public/.htaccess index 20aeda3d83..e491849b60 100644 --- a/public/.htaccess +++ b/public/.htaccess @@ -24,6 +24,10 @@ RewriteRule ^(.*)$ index.php?/$1 [L] #Options All -Indexes Options +ExecCGI +Includes +IncludesNOEXEC +SymLinksIfOwnerMatch -Indexes + + Header always set X-Frame-Options "SAMEORIGIN" + + # prevent folder listing IndexIgnore * @@ -60,4 +64,4 @@ IndexIgnore * ExpiresActive On ExpiresDefault "access plus 1 week" - \ No newline at end of file +
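Review bot: The relocated `Header always set X-Frame-Options "SAMEORIGIN"` line in .htaccess carries no comment, unlike its neighbours (`# disable directory browsing`, `# prevent folder listing`), and the same holds for the copy added in the public/.htaccess hunk. The bare `+` lines around it suggest a wrapper whose tags are not visible on this page, presumably an `<IfModule mod_headers.c>` guard. If that is the case, the header, which appears to have been set unconditionally before, is now silently omitted wherever mod_headers is not loaded, so framing protection fails open instead of producing a configuration error. The Dockerfile hunk enables the module only for container builds. I would add `# clickjacking protection: requires mod_headers (a2enmod headers); if the module is absent no X-Frame-Options header is sent` above both blocks, so that other deployments know to verify the response header.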