diff --git a/util/Setup/Templates/NginxConfig.hbs b/util/Setup/Templates/NginxConfig.hbs
index 0b2634f525..d5041b0229 100644
--- a/util/Setup/Templates/NginxConfig.hbs
+++ b/util/Setup/Templates/NginxConfig.hbs
@@ -47,7 +47,7 @@ server {

 # Security headers
 add_header Referrer-Policy same-origin;
- #add_header X-Frame-Options SAMEORIGIN;
+ add_header X-Frame-Options SAMEORIGIN;
 {{#if Ssl}}
 add_header X-Content-Type-Options nosniff;
 # This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack. 6 months age
@@ -67,6 +67,16 @@ server {
 add_header Content-Type $fido_content_type;
 }

+ location = /duo-connector.html {
+ proxy_pass http://web:5000/duo-connector.html;
+ proxy_hide_header X-Frame-Options;
+ }
+
+ location = /u2f-connector.html {
+ proxy_pass http://web:5000/u2f-connector.html;
+ proxy_hide_header X-Frame-Options;
+ }
+
 location /attachments/ {
 proxy_pass http://attachments:5000/;
 }
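Review bot: The re-enabled `add_header X-Frame-Options SAMEORIGIN;` sits at server level, where nginx passes it down only to locations that declare no `add_header` of their own, and emits it only for a fixed set of success and redirect status codes. The location whose tail is visible at the top of the second hunk sets `add_header Content-Type $fido_content_type;`, so unless it repeats the security headers outside the visible lines, its responses carry neither X-Frame-Options nor Referrer-Policy. Consider `add_header X-Frame-Options SAMEORIGIN always;` so error responses are covered too, and repeat the header set (or pull it in through a shared `include`) in every location that adds headers. The server block starts and ends outside the hunk.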
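Review bot: `proxy_hide_header X-Frame-Options;` in the two new connector locations strips only the header coming from the `web` upstream. The server-level `add_header X-Frame-Options SAMEORIGIN;` enabled in the first hunk is still inherited, because neither location declares an `add_header` of its own. If the intent is to exempt these pages from the same-origin framing rule, that does not happen as written. If the intent is only to avoid a duplicate header, a comment such as `# drop upstream header; nginx adds SAMEORIGIN itself` would make that clear. Where an exemption is really wanted, declaring the remaining headers in each location (for example `add_header Referrer-Policy same-origin;`) stops the inheritance, and a `Content-Security-Policy` `frame-ancestors` list would keep framing limited to the expected embedders.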