diff --git a/etc/nginx/snippets/security.conf b/etc/nginx/snippets/security.conf
index e3e0a1b..a7a78b7 100644
--- a/etc/nginx/snippets/security.conf
+++ b/etc/nginx/snippets/security.conf
@@ -10,13 +10,15 @@ add_header Referrer-Policy "same-origin" always;
 proxy_hide_header X-Content-Type-Options;
 add_header X-Content-Type-Options "nosniff" always;
-proxy_hide_header X-Frame-Options;
-add_header X-Frame-Options "SAMEORIGIN" always;
-
 proxy_hide_header X-Permitted-Cross-Domain-Policies;
 add_header X-Permitted-Cross-Domain-Policies "none" always;
+# Obsolete and replaced by Content-Security-Policy frame-ancestors
+# Setting the less restrictive SAMEORIGIN here, has frame-ancestors 'none' will overwrite it anyways
+proxy_hide_header X-Frame-Options;
+add_header X-Frame-Options "SAMEORIGIN" always;
+
 # Obsolete and replaced by Content-Security-Policy
 # Only here to pass Hardenize checks
 proxy_hide_header X-XSS-Protection;
-add_header X-XSS-Protection "0" always;
+add_header X-XSS-Protection "0" always;
\ No newline at end of file
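Review bot: The rationale in the new comment above `add_header X-Frame-Options "SAMEORIGIN" always;` is backwards: CSP `frame-ancestors` does not overwrite X-Frame-Options, browsers implementing CSP Level 2 simply ignore X-Frame-Options when `frame-ancestors` is present, while older clients without CSP2 support never act on the CSP directive and enforce X-Frame-Options alone. If the CSP elsewhere in this snippet really sends `frame-ancestors 'none'` (it is not in this hunk), the legacy fallback should match it with `add_header X-Frame-Options "DENY" always;`, otherwise a legacy client ends up with a weaker framing policy than a modern one. The comment also has a typo ("has" for "as"); suggested wording: `# Superseded by Content-Security-Policy frame-ancestors; kept as a fallback for clients without CSP2 support, so keep it in line with the frame-ancestors value`. Separately, the only change to the X-XSS-Protection line is the dropped trailing newline, which the `\ No newline at end of file` marker shows; restoring it keeps future diffs clean.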