diff --git a/lib/private/legacy/response.php b/lib/private/legacy/response.php
index 4186822c2690f..3965268744500 100644
--- a/lib/private/legacy/response.php
+++ b/lib/private/legacy/response.php
@@ -137,7 +137,7 @@ public static function addSecurityHeaders() {
 			. 'object-src \'none\'; '
 			. 'base-uri \'self\'; ';
 		header('Content-Security-Policy:' . $policy);
-		header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains
+//		header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains
 
 		// Send fallback headers for installations that don't have the possibility to send
 		// custom headers on the webserver side