diff --git a/src/main/java/org/appng/application/authentication/webform/LoginForm.java b/src/main/java/org/appng/application/authentication/webform/LoginForm.java
index d6a418b..6c3dda2 100644
--- a/src/main/java/org/appng/application/authentication/webform/LoginForm.java
+++ b/src/main/java/org/appng/application/authentication/webform/LoginForm.java
@@ -64,6 +64,8 @@ public DataContainer getData(Site site, Application application, Environment env
 dataContainer.getSelections().add(langSelection);
 }
 dataContainer.setItem(new LoginData());
+((DefaultEnvironment) environment).getServletResponse()
+.setHeader(com.google.common.net.HttpHeaders.CONTENT_SECURITY_POLICY, "frame-ancestors 'none'");
 return dataContainer;
 }
 
diff --git a/src/test/java/org/appng/application/authentication/webform/LoginUserTest.java b/src/test/java/org/appng/application/authentication/webform/LoginUserTest.java
index 2333163..8a93a31 100644
--- a/src/test/java/org/appng/application/authentication/webform/LoginUserTest.java
+++ b/src/test/java/org/appng/application/authentication/webform/LoginUserTest.java
@@ -31,6 +31,8 @@ import org.springframework.http.HttpStatus;
 import org.springframework.transaction.annotation.Transactional;
 
+import com.google.common.net.HttpHeaders;
+
 @FixMethodOrder(MethodSorters.NAME_ASCENDING)
 public class LoginUserTest extends BaseLoginTest {
 
@@ -61,7 +63,10 @@ public void testLoginOK() throws Exception {
 Mockito.verify(site).sendRedirect(Mockito.eq(environment), Mockito.eq("/manager/appng/appng-manager"),
 Mockito.eq(HttpStatus.FOUND.value()));
-((DefaultEnvironment) environment).logoutSubject();
+DefaultEnvironment defaultEnv = (DefaultEnvironment) environment;
+defaultEnv.logoutSubject();
+Assert.assertEquals("frame-ancestors 'none'",
+defaultEnv.getServletResponse().getHeader(HttpHeaders.CONTENT_SECURITY_POLICY));
 }
 
 @Test
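Review bot: `setHeader` on the two added lines replaces any Content-Security-Policy that the site or a servlet filter has already placed on this response, so an existing broader policy would be narrowed to just `frame-ancestors 'none'` whenever the login form is rendered; because browsers enforce multiple CSP headers in conjunction, `addHeader` would add the clickjacking protection without discarding a policy set elsewhere. The unchecked cast `(DefaultEnvironment) environment` throws ClassCastException for any other Environment implementation reaching this method (the test in the same commit uses the same cast, so it presumably holds in practice); a guard such as `if (environment instanceof DefaultEnvironment) { ... }` fails more gracefully, and it is worth confirming that the header is also emitted on the response to the login POST rather than only when the form data is built here. Older browsers ignore `frame-ancestors`, so `X-Frame-Options: DENY` is the usual companion header if that population matters for this deployment. As a style point, importing `HttpHeaders` rather than spelling out `com.google.common.net.HttpHeaders` inline would match the test file changed in this commit. `getData` starts and ends outside the hunk.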
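Review bot: The expected policy string `"frame-ancestors 'none'"` in the added `Assert.assertEquals` is duplicated verbatim from LoginForm, so the two can drift apart without either side noticing; exposing it as a constant on LoginForm and asserting against that constant keeps the test tied to the implementation. It is also not visible in this hunk whether `testLoginOK` renders the form through `getData` or only drives the login action, so if the header is set solely during form rendering the assertion may be checking a response that never went through that path — worth confirming against the test setup. `testLoginOK` starts outside the hunk.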