diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index cab2ebf3a..1d513025c 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -220,6 +220,9 @@ class Config(dict):
 'ANNOUNCEMENT_ENABLED': True,
 'ANNOUNCEMENT': {},
 
+ # Security
+ 'X_FRAME_OPTIONS': 'DENY',
+
 # 未使用的配置
 'CAPTCHA_TEST_MODE': None,
 'DISPLAY_PER_PAGE': 25,
diff --git a/apps/jumpserver/settings/base.py b/apps/jumpserver/settings/base.py
index dbe6a59a7..5bd7fb84e 100644
--- a/apps/jumpserver/settings/base.py
+++ b/apps/jumpserver/settings/base.py
@@ -334,6 +334,8 @@ AUTH_USER_MODEL = 'users.User'
 FILE_UPLOAD_PERMISSIONS = 0o644
 FILE_UPLOAD_DIRECTORY_PERMISSIONS = 0o755
 
+X_FRAME_OPTIONS = CONFIG.X_FRAME_OPTIONS
+
 # Cache use redis
 REDIS_SSL_KEY = exist_or_default(os.path.join(CERTS_DIR, 'redis_client.key'), None)
 REDIS_SSL_CERT = exist_or_default(os.path.join(CERTS_DIR, 'redis_client.crt'), None)
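Review bot: The `# Security` comment above the new `'X_FRAME_OPTIONS': 'DENY'` default does not say what the key controls or which values an operator may safely set. Since this entry turns a fixed header into a deployment-tunable one, the comment should carry that, for example `# Security: X-Frame-Options response header (clickjacking protection); use 'DENY' or 'SAMEORIGIN'`. The Config class body starts and ends outside this hunk, so where the other defaults document their accepted values cannot be checked from here.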
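Review bot: `X_FRAME_OPTIONS = CONFIG.X_FRAME_OPTIONS` in settings/base.py passes the operator-supplied value through without validation. A typo or an obsolete `ALLOW-FROM ...` value would be sent as the header, and browsers ignore an X-Frame-Options value they do not recognise, so pages would become frameable with no error or log line. Normalising and failing closed keeps the protection, for example `X_FRAME_OPTIONS = str(CONFIG.X_FRAME_OPTIONS).upper()` followed by `if X_FRAME_OPTIONS not in ('DENY', 'SAMEORIGIN'): X_FRAME_OPTIONS = 'DENY'`. The setting is only read by Django's `XFrameOptionsMiddleware`, and the MIDDLEWARE list is outside this hunk, so it is worth confirming that middleware is enabled.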