diff --git a/common.php b/common.php
index b82228aa..2e79ceec 100644
--- a/common.php
+++ b/common.php
@@ -27,6 +27,9 @@ if (empty($_SESSION['flash'])) {
 $_SESSION['flash'] = array();
 }
+
+ // avoid clickjacking attacks?
+ header('X-Frame-Options: DENY');
 }
 }
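Review bot: The added `header('X-Frame-Options: DENY');` sits inside two enclosing blocks (two closing braces follow it, and their opening lines are outside the hunk), so the header is only sent when that path runs; any page rendered without reaching it would stay frameable. If that is the case, the call belongs unconditionally at the top of the request bootstrap, before any output is sent. X-Frame-Options is the legacy control, so I would also send `header("Content-Security-Policy: frame-ancestors 'none'");`, or add `frame-ancestors 'none'` to the existing policy if one is set elsewhere, because a second `header()` call with the same name replaces the first by default. The comment should state the intent without the question mark, e.g. `// Forbid framing of every page (clickjacking defence).`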