diff --git a/api/http/handler/file/handler.go b/api/http/handler/file/handler.go
index 464062be1..06a3c4737 100644
--- a/api/http/handler/file/handler.go
+++ b/api/http/handler/file/handler.go
@@ -34,7 +34,6 @@ func (handler *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
 	}
 
-	w.Header().Add("X-Frame-Options", "DENY")
 	w.Header().Add("X-XSS-Protection", "1; mode=block")
 	w.Header().Add("X-Content-Type-Options", "nosniff")
 	handler.Handler.ServeHTTP(w, r)
diff --git a/api/http/security/bouncer.go b/api/http/security/bouncer.go
index 0b25bd389..de0c75523 100644
--- a/api/http/security/bouncer.go
+++ b/api/http/security/bouncer.go
@@ -114,7 +114,6 @@ func (bouncer *RequestBouncer) EndpointAccess(r *http.Request, endpoint *portain
 // mwSecureHeaders provides secure headers middleware for handlers.
 func mwSecureHeaders(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Add("X-Frame-Options", "DENY")
 		w.Header().Add("X-XSS-Protection", "1; mode=block")
 		w.Header().Add("X-Content-Type-Options", "nosniff")
 		next.ServeHTTP(w, r)