diff --git a/deployment/puppet/nailgun/spec/classes/nginx_service_spec.rb b/deployment/puppet/nailgun/spec/classes/nginx_service_spec.rb
new file mode 100644
index 0000000000..e274c89a98
--- /dev/null
+++ b/deployment/puppet/nailgun/spec/classes/nginx_service_spec.rb
@@ -0,0 +1,7 @@
+require 'spec_helper'
+
+describe 'nailgun::nginx-service' do
+ it 'should contain X-Frame-Options SAMEORIGIN header' do
+ should contain_file('/etc/nginx/nginx.conf').with_content(/^\s*add_header X-Frame-Options SAMEORIGIN;$/)
+ end
+end
diff --git a/deployment/puppet/nailgun/templates/nginx.conf.erb b/deployment/puppet/nailgun/templates/nginx.conf.erb
index 85375e61ee..546136ff51 100644
--- a/deployment/puppet/nailgun/templates/nginx.conf.erb
+++ b/deployment/puppet/nailgun/templates/nginx.conf.erb
@@ -35,6 +35,9 @@ http {
 #prefer server ciphers over client ones
 ssl_prefer_server_ciphers on;
 
+ #prevent from clickjacking attacks
+ add_header X-Frame-Options SAMEORIGIN;
+
 # Load config files from the /etc/nginx/conf.d directory
 # The default server is in conf.d/default.conf
 include /etc/nginx/conf.d/*.conf;
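Review bot: The bare `should` on the implicit subject inside the `it` block is the legacy RSpec expectation syntax; the form rspec-puppet documents today is `it { is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(%r{^\s*add_header X-Frame-Options SAMEORIGIN;$}) }`, which also drops the redundant "should" from the example description. Whether the bare form keeps working depends on how spec_helper configures the expectation syntax, which is not visible in this diff. Note also that the regex only proves the directive string is rendered into nginx.conf; it cannot detect a server or location block pulled in from conf.d that overrides it, so this example should be read as a rendering check rather than proof that the header is actually sent.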
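Review bot: Placing `add_header X-Frame-Options SAMEORIGIN;` at `http` level does not guarantee the header reaches clients, because nginx only inherits `add_header` from the enclosing level when the current `server`/`location` block defines no `add_header` of its own; any block in the `/etc/nginx/conf.d/*.conf` files included on the very next line that sets even one unrelated header (a CORS or caching header, say) silently drops this one. Please audit those included configs (they are outside this hunk) and either keep them free of `add_header` or repeat the X-Frame-Options directive there, and record the trap in the comment, e.g. `# Prevent clickjacking. NB: add_header is NOT inherited into any server/location that sets its own add_header; repeat it there.` The comment text `#prevent from clickjacking attacks` should also read `# Prevent clickjacking attacks`, matching the `# Load config files` comment style just below. Optionally, since current browsers consult Content-Security-Policy first, `add_header Content-Security-Policy "frame-ancestors 'self'";` could be added alongside it, but that is a separate decision.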