diff --git a/CHANGELOG b/CHANGELOG
index 53db2dc2dc6569597163e58df36984d2d337b4b2..97d1299bae6a262045cf1bd969646679a51a266d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,7 +13,6 @@ v 7.0.0
   - Group masters can create projects in group
   - Deprecate ruby 1.9.3 support
   - Only masters can rewrite/remove git tags
-  - Header X-Frame-Options allows SAMEORIGIN to display the Sidekiq interface
 
 v 6.9.2
   - Revert the commit that broke the LDAP user filter
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index efb7ad2de188a1662ae1a1ea6c523aaacabbd7f3..2730e9942ecfaf4ff861ede955eb915ee9e2947c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -164,7 +164,7 @@ class ApplicationController < ActionController::Base
   end
 
   def default_headers
-    headers['X-Frame-Options'] = 'SAMEORIGIN' # Allow for the Sidekiq iframe in /admin/background_jobs
+    headers['X-Frame-Options'] = 'DENY'
     headers['X-XSS-Protection'] = '1; mode=block'
     headers['X-UA-Compatible'] = 'IE=edge'
     headers['X-Content-Type-Options'] = 'nosniff'
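Review bot: Switching the application-wide default back to `DENY` in `default_headers` will make browsers refuse to render the Sidekiq iframe that the removed comment says lives at /admin/background_jobs, if that page still embeds the Sidekiq UI rather than linking out to it; nothing in this commit adjusts that page or its controller. The safer shape is to keep `DENY` as the global default here and have only the controller serving /admin/background_jobs override the header to `SAMEORIGIN` for its own responses, so the clickjacking protection stays intact for every other page. The new line also loses the only explanation of why this header is set; a replacement comment along the lines of `headers['X-Frame-Options'] = 'DENY' # global anti-clickjacking default; a controller that must be framed same-origin overrides this for its own responses` would keep the intent visible. `default_headers` continues past the end of the hunk.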