diff --git a/dapps/src/apps.rs b/dapps/src/apps.rs
index 559282584..28f1979bf 100644
--- a/dapps/src/apps.rs
+++ b/dapps/src/apps.rs
@@ -38,11 +38,13 @@ pub fn utils() -> Box {
 pub fn all_endpoints() -> Endpoints {
 let mut pages = Endpoints::new();
- pages.insert("proxy".to_owned(), ProxyPac::boxed());
+ pages.insert("proxy".into(), ProxyPac::boxed());
+ pages.insert("home".into(), Box::new(
+ PageEndpoint::new_safe_to_embed(parity_dapps_builtins::App::default())
+ ));
 insert::(&mut pages, "status");
 insert::(&mut pages, "parity");
- insert::(&mut pages, "home");
 wallet_page(&mut pages);
 daodapp_page(&mut pages);
diff --git a/dapps/src/page/mod.rs b/dapps/src/page/mod.rs
index 71989bca7..c7bfd83ec 100644
--- a/dapps/src/page/mod.rs
+++ b/dapps/src/page/mod.rs
@@ -30,6 +30,8 @@ pub struct PageEndpoint {
 pub app: Arc,
 /// Prefix to strip from the path (when `None` deducted from `app_id`)
 pub prefix: Option,
+ /// Safe to be loaded in frame by other origin. (use wisely!)
+ safe_to_embed: bool,
 }
 impl PageEndpoint {
@@ -37,6 +39,7 @@ impl PageEndpoint {
 PageEndpoint {
 app: Arc::new(app),
 prefix: None,
+ safe_to_embed: false,
 }
 }
@@ -44,6 +47,18 @@ impl PageEndpoint {
 PageEndpoint {
 app: Arc::new(app),
 prefix: Some(prefix),
+ safe_to_embed: false,
+ }
+ }
+
+ /// Creates new `PageEndpoint` which can be safely used in iframe
+ /// even from different origin. It might be dangerous (clickjacking).
+ /// Use wisely!
+ pub fn new_safe_to_embed(app: T) -> Self {
+ PageEndpoint {
+ app: Arc::new(app),
+ prefix: None,
+ safe_to_embed: true,
 }
 }
 }
@@ -61,6 +76,7 @@ impl Endpoint for PageEndpoint {
 path: path,
 file: None,
 write_pos: 0,
+ safe_to_embed: self.safe_to_embed,
 })
 }
 }
@@ -83,6 +99,7 @@ struct PageHandler {
 path: EndpointPath,
 file: Option,
 write_pos: usize,
+ safe_to_embed: bool,
 }
 impl PageHandler {
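Review bot: The line that registers `home` through `PageEndpoint::new_safe_to_embed` carries no comment saying why this single endpoint must be frameable from other origins, even though the constructor's own doc flags the choice as a clickjacking risk; the reason (presumably other dapps load the home page in an iframe) belongs at the call site, e.g. `// "home" is intentionally embeddable cross-origin (no X-Frame-Options is sent); see PageEndpoint::new_safe_to_embed.` Without it, the next reader cannot tell a deliberate exemption from an accidental one. `all_endpoints` continues past the end of the hunk.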
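Review bot: `new_safe_to_embed` repeats the body of the constructor in the preceding hunk with one field flipped, so every field added to `PageEndpoint` from now on has to be mirrored in three literals; struct-update syntax keeps the defaults in one place, `PageEndpoint { safe_to_embed: true, ..Self::new(app) }` (assuming that constructor is `new`, whose signature is outside the hunk). The doc comment should also name the concrete effect rather than only warning: the flag suppresses the `X-Frame-Options: SAMEORIGIN` header that `PageHandler` otherwise adds, so the page may be framed by any origin. The same wording fits the `safe_to_embed` field doc in the first `page/mod.rs` hunk, which currently only says "use wisely".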
@@ -128,6 +145,9 @@ impl server::Handler for PageHandler {
 if let Some(f) = self.file.as_ref().and_then(|f| self.app.file(f)) {
 res.set_status(StatusCode::Ok);
 res.headers_mut().set(header::ContentType(f.content_type.parse().unwrap()));
+ if !self.safe_to_embed {
+ res.headers_mut().set_raw("X-Frame-Options", vec![b"SAMEORIGIN".to_vec()]);
+ }
 Next::write()
 } else {
 res.set_status(StatusCode::NotFound);
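Review bot: `X-Frame-Options` is set only on the success branch, so the `NotFound` response a few lines below (and any other status this handler emits outside the hunk) goes out without it; move the block ahead of the `if let` so every response from a non-embeddable endpoint carries the header: `if !self.safe_to_embed { res.headers_mut().set_raw("X-Frame-Options", vec![b"SAMEORIGIN".to_vec()]); }` placed before `if let Some(f) = ...`. `SAMEORIGIN` still lets every dapp served from this host frame every other one, which is presumably intended but worth recording, e.g. `// Dapps share one origin, so SAMEORIGIN only blocks framing by external sites.` A `Content-Security-Policy: frame-ancestors` header expresses the same policy for browsers that prefer it and could be sent alongside. The enclosing handler method starts before the hunk and ends after it.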