diff --git a/src/middleware/index.js b/src/middleware/index.js
index c4ddc379c0..376436bf34 100644
--- a/src/middleware/index.js
+++ b/src/middleware/index.js
@@ -214,8 +214,13 @@ module.exports = function(app, data) {
 
 		app.use(function (req, res, next) {
 			res.locals.csrf_token = req.session._csrf;
-			res.setHeader('X-Frame-Options', 'SAMEORIGIN');
 			res.setHeader('X-Powered-By', 'NodeBB');
+
+			res.setHeader('X-Frame-Options', 'SAMEORIGIN');
+			if (meta.config['allow-from-uri']) {
+				res.setHeader('ALLOW-FROM', meta.config['allow-from-uri']);
+			}
+
 			next();
 		});