diff --git a/pandora_console/.htaccess b/pandora_console/.htaccess
index ca572f7df1..0d2cae3781 100644
--- a/pandora_console/.htaccess
+++ b/pandora_console/.htaccess
@@ -1,6 +1,9 @@
 # pandora disable listing
 Options -Indexes
 
+# Avoid clickjacking
+Header always append X-Frame-Options SAMEORIGIN
+
 <Files ~ "\.log$"> 
 Order Allow,Deny
 Deny from All
diff --git a/pandora_console/index.php b/pandora_console/index.php
index 548991159e..d6d3be20e0 100755
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@@ -220,8 +220,6 @@ echo '<head>'."\n";
 // This starts the page head. In the callback function,
 // $page['head'] array content will be processed into the head.
 ob_start('ui_process_page_head');
-// Avoid clickjacking.
-header('X-Frame-Options: SAMEORIGIN');
 // Enterprise main.
 enterprise_include_once('index.php');