diff --git a/basic/apps/ninja/invoiceninja-values-configmap.yaml b/basic/apps/ninja/invoiceninja-values-configmap.yaml
index 25285446d7a13ee871addc93efc16f39dfb4f8fe..45576eb9c12d9c38a081295f22689c5464c18122 100644
--- a/basic/apps/ninja/invoiceninja-values-configmap.yaml
+++ b/basic/apps/ninja/invoiceninja-values-configmap.yaml
@@ -13,7 +13,9 @@ data:
       hostname: "ninja.${domain}"
       tls: true
       certManager: true
-        annotations:
+      annotations:
+        nginx.ingress.kubernetes.io/configuration-snippet: |
+          add_header "Content-Security-Policy: frame-ancestors 'self' ${nextcloud_domain}";
     persistence:
       public:
         existingClaim: invoiceninja-data