diff --git a/endpoints/web.py b/endpoints/web.py
index 82ee2bc50..63c68a8b7 100644
--- a/endpoints/web.py
+++ b/endpoints/web.py
@@ -20,7 +20,9 @@ logger = logging.getLogger(__name__)
 
 
 def render_page_template(name):
-  return render_template(name, route_data = get_route_data())
+  resp = make_response(render_template(name, route_data = get_route_data()))
+  resp.headers['X-FRAME-OPTIONS'] = 'DENY'
+  return resp
 
 
 @app.route('/', methods=['GET'], defaults={'path': ''})