diff --git a/libraries/psibase/common/include/psibase/Rpc.hpp b/libraries/psibase/common/include/psibase/Rpc.hpp
index 24d074bc2..9cbfdce6c 100644
--- a/libraries/psibase/common/include/psibase/Rpc.hpp
+++ b/libraries/psibase/common/include/psibase/Rpc.hpp
@@ -11,7 +11,13 @@ namespace psibase
    {
       std::string name;
       std::string value;
+
+      friend bool operator==(const HttpHeader& lhs, const HttpHeader& rhs)
+      {
+         return lhs.name == rhs.name && lhs.value == rhs.value;
+      }
    };
+
    PSIO_REFLECT(HttpHeader, definitionWillNotChange(), name, value)
 
    // TODO: consider adding headers to this
diff --git a/services/system/ProxySys/src/ProxySys.cpp b/services/system/ProxySys/src/ProxySys.cpp
index 14bc5e62c..5d58f0769 100644
--- a/services/system/ProxySys/src/ProxySys.cpp
+++ b/services/system/ProxySys/src/ProxySys.cpp
@@ -79,10 +79,23 @@ namespace SystemService
       // TODO: avoid repacking (both directions)
       psibase::Actor<ServerInterface> iface(act.service, service);
 
+      auto reqTarget = req.target;
+
       auto result = iface.serveSys(std::move(req));
       if (result && !result->headers.empty() && serviceName != "common-sys")
          abortMessage("service " + service.str() + " attempted to set an http header");
 
+      if (reqTarget.size() == 0 || reqTarget.starts_with("/index.html"))
+      {
+         // Check if the target header is already in the vector; if the header was not found, add it
+         HttpHeader frameAncestorHeader = {"Content-Security-Policy", "frame-ancestors 'none';"};
+         auto pos = std::find(result->headers.begin(), result->headers.end(), frameAncestorHeader);
+         if (pos == result->headers.end())
+         {
+            result->headers.push_back(frameAncestorHeader);
+         }
+      }
+
       setRetval(result);
    }  // serve()