diff --git a/caddy/snippets/SecurityHeaders b/caddy/snippets/SecurityHeaders
index 7fa4bfc..a0b0d4e 100644
--- a/caddy/snippets/SecurityHeaders
+++ b/caddy/snippets/SecurityHeaders
@@ -1,12 +1,12 @@
 header {
     # Enable HSTS
     Strict-Transport-Security max-age=31536000;
-    # Prevent embedding in frames
-    X-Frame-Options DENY
     # Enable XSS protection
     X-XSS-Protection "1; mode=block"
     # Prevent MIME sniffing
     X-Content-Type-Options nosniff
     # Referrer policy
     Referrer-Policy strict-origin-when-cross-origin
+    # Prevent embedding in external iframes
+    Content-Security-Policy "frame-ancestors 'self' {$ADMIN_DOMAIN:}"
 }
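Review bot: Dropping `X-Frame-Options DENY` entirely leaves no clickjacking protection for clients that do not honour CSP `frame-ancestors`; since browsers that support `frame-ancestors` ignore X-Frame-Options when both are present, a fallback line such as `X-Frame-Options SAMEORIGIN` can be kept next to the new `Content-Security-Policy` without conflicting with the `'self'` allowance. The new source list also takes `{$ADMIN_DOMAIN:}` verbatim at Caddyfile load time, so an unset variable silently degrades to `'self'` only (probably intended, worth a comment) while a value containing whitespace would splice in extra allowed ancestors; I'd document the expected format on the line, e.g. `# ADMIN_DOMAIN: single host, e.g. https://admin.example.com; unset = same-origin only`, and prefer a scheme-qualified host. Finally, `Content-Security-Policy` here is a plain set, so if the upstream application emits its own CSP (script-src etc.) the interaction depends on Caddy's header ordering; if the intent is to combine rather than override, `+Content-Security-Policy` adds a second header, which browsers enforce as the intersection of both policies.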