diff --git a/src/modules/webserver.js b/src/modules/webserver.js
index cec398c4b..c69fa9b1b 100644
--- a/src/modules/webserver.js
+++ b/src/modules/webserver.js
@@ -56,7 +56,12 @@ function serveAttachments(req, res) {
 }
 
 const server = express();
-server.use(helmet());
+server.use(helmet({
+    contentSecurityPolicy: {
+      directives: {
+        "frame-ancestors": ["'self'", "buildtheearth.net", "*.buildtheearth.net", "*"],
+      },
+    }));
 server.use(cors()); 
 
 server.get("/logs/:threadId", serveLogs);