diff --git a/group_vars/all/05_nginx.yml b/group_vars/all/05_nginx.yml
index 5e1054e0..add55a79 100644
--- a/group_vars/all/05_nginx.yml
+++ b/group_vars/all/05_nginx.yml
@@ -15,6 +15,7 @@ nginx:
 files: "/var/www/public_files/" # Path where the web accessable files are stored
 global: "/var/www/global/" # Directory containing files which will be globaly accessable
 user: "http" # Default nginx user in ArchLinux
+ iframe: true # Allows applications to be loaded in iframe
 ## Matomo Tracking
 global_matomo_tracking_enabled: false # Activates matomo tracking on all html pages. Change this in inventory.
\ No newline at end of file
diff --git a/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2 b/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2
index 4c9815e4..9b011362 100644
--- a/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2
+++ b/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2
@@ -14,6 +14,13 @@ location {{location | default("/")}}
 proxy_set_header X-Forwarded-Port 443;
 proxy_set_header Accept-Encoding "";
+
+{% if nginx.iframe | bool %}
+ # activate embedding via iframe
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header Content-Security-Policy "frame-ancestors 'self' *.{{primary_domain}};" always;
+{% endif %}
+
 # WebSocket specific header
 proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
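Review bot: The comment on the new `iframe` key in group_vars/all/05_nginx.yml does not say what either value does. Going by the template changed in the same commit, `true` makes the proxy send framing headers that limit embedding to the same origin and `*.primary_domain`, while `false` sends no framing headers at all, so `false` is not a "deny framing" setting. I would reword it to something like `iframe: true # true: send X-Frame-Options/frame-ancestors limiting embedding to this origin and *.primary_domain; false: send no framing headers`. The `nginx:` mapping starts above the hunk.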
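Review bot: With `nginx.iframe` false the new block in proxy_pass.conf.j2 emits nothing, so the proxy adds no framing restriction and clickjacking protection then depends entirely on each upstream application; an `{% else %}` branch with `add_header Content-Security-Policy "frame-ancestors 'none';" always;` would make the off state the restrictive one. In the enabled branch the two headers disagree: `X-Frame-Options "SAMEORIGIN"` forbids the subdomain framing that `frame-ancestors 'self' *.{{primary_domain}}` permits, and browsers that do not honour `frame-ancestors` will follow the stricter header, so either drop X-Frame-Options here or note in the comment that it is only the fallback. The wildcard also lets every host under the primary domain frame every proxied application, which is worth narrowing if any subdomain serves user-controlled content. Because nginx inherits `add_header` from the enclosing level only when the current level defines none, these lines will presumably stop server-level headers from applying in this location; that should be checked against the server block, which is outside this hunk.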