diff --git a/src/AzureIoTHub.Portal/Server/Startup.cs b/src/AzureIoTHub.Portal/Server/Startup.cs
index b0a63a62a..cf1ddcd83 100644
--- a/src/AzureIoTHub.Portal/Server/Startup.cs
+++ b/src/AzureIoTHub.Portal/Server/Startup.cs
@@ -279,7 +279,15 @@ public async void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 _ = app.UseProblemDetails();
 app.UseIfElse(IsApiRequest, UseApiExceptionMiddleware, UseUIExceptionMiddleware);
- _ = app.UseSecurityHeaders();
+ _ = app.UseSecurityHeaders(opts =>
+ {
+ _= opts.AddContentSecurityPolicy(csp =>
+ {
+ _ = csp.AddFrameAncestors()
+ .Self()
+ .From(app.ApplicationServices.GetService().OIDCMetadataUrl);
+ });
+ });
 if (env.IsDevelopment())
 {
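Review bot: The `frame-ancestors` source passed to `.From(...)` is the OIDC metadata URL, which is a document URL rather than an origin, and it is read from `GetService`, which returns null when the service is not registered, so a missing registration would surface here as a NullReferenceException during startup. As far as I can tell `frame-ancestors` is matched against the embedding page's origin, so I would resolve the configuration with `GetRequiredService` and pass only scheme and authority, e.g. `.From(new Uri(cfg.OIDCMetadataUrl).GetLeftPart(UriPartial.Authority))`, where `cfg` is the resolved configuration object. The type argument of `GetService` is not visible on this page, probably lost in rendering, so I have not named it. Because this lets a second origin frame the portal, a short comment saying why the identity provider needs to do so would help later reviewers judge the clickjacking exposure, especially if that host is shared between tenants. `Configure` starts and ends outside the hunk.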