diff --git a/deploy-template/fastify/static.js b/deploy-template/fastify/static.js
index 52d8bf1b8..1694a36d5 100644
--- a/deploy-template/fastify/static.js
+++ b/deploy-template/fastify/static.js
@@ -9,6 +9,11 @@ export default async (fastify) => {
 	});
 
 	fastify.get('/', function(req, reply) {
-		reply.sendFile('index.html', { maxAge: '1m', immutable: false });
+		reply.header('Content-Security-Policy', "frame-ancestors 'none'");
+		reply.header('X-Frame-Options', 'DENY');
+		reply.sendFile('index.html', {
+			maxAge: '1m',
+			immutable: false,
+		});
 	});
 };