diff --git a/middleware/content_security_policiy.go b/middleware/content_security_policiy.go
index 68f55a6..ba4e370 100644
--- a/middleware/content_security_policiy.go
+++ b/middleware/content_security_policiy.go
@@ -7,7 +7,7 @@ func ContentSecurityPolicy(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// While this value can be overridden, it can't be moved to after the next.ServeHTTP call,
 		// because if the response writer get's closed, the headers can't be set anymore
-		w.Header().Set("Content-Security-Policy", "default-src 'self' https://umami.me-fit.eu")
+		w.Header().Set("Content-Security-Policy", "default-src 'self' https://umami.me-fit.eu; frame-ancestors 'none'")
 
 		next.ServeHTTP(w, r)
 	})