diff --git a/src/Sylius/Bundle/CoreBundle/EventListener/FinishResponseListener.php b/src/Sylius/Bundle/CoreBundle/EventListener/FinishResponseListener.php
new file mode 100644
index 00000000000..735ff4a88a7
--- /dev/null
+++ b/src/Sylius/Bundle/CoreBundle/EventListener/FinishResponseListener.php
@@ -0,0 +1,48 @@
+isMainRequest($event)) {
+ return;
+ }
+
+ $response = $event->getResponse();
+
+ $response->headers->set('X-Frame-Options', 'sameorigin');
+ }
+
+ public static function getSubscribedEvents()
+ {
+ return [
+ KernelEvents::RESPONSE => [['onKernelResponse']],
+ ];
+ }
+
+ private function isMainRequest(ResponseEvent $event): bool
+ {
+ if (\method_exists($event, 'isMainRequest')) {
+ return $event->isMainRequest();
+ }
+
+ return $event->isMasterRequest();
+ }
+}
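Review bot: The unconditional `$response->headers->set('X-Frame-Options', 'sameorigin');` in the response handler overwrites any value a controller or earlier listener already put on the response, so a route that deliberately sends the stricter `DENY` would be relaxed to `sameorigin`. Wrapping it as `if (!$response->headers->has('X-Frame-Options')) { $response->headers->set('X-Frame-Options', 'sameorigin'); }` keeps the default without clobbering an explicit choice. The test in tests/Controller/FinishResponseTest.php only pins the default on `GET /` and would need a second case for a response that already carries the header. Since X-Frame-Options is the legacy framing control, a `Content-Security-Policy: frame-ancestors 'self'` header is worth considering alongside it, merged with any CSP the application already sends. The class declaration and the handler's signature are not readable in this hunk, so this rests on the visible body only.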
diff --git a/src/Sylius/Bundle/CoreBundle/Resources/config/services/listeners.xml b/src/Sylius/Bundle/CoreBundle/Resources/config/services/listeners.xml
index ef39f9b6ba5..9b1b97520b6 100644
--- a/src/Sylius/Bundle/CoreBundle/Resources/config/services/listeners.xml
+++ b/src/Sylius/Bundle/CoreBundle/Resources/config/services/listeners.xml
@@ -95,6 +95,10 @@
+
+
+
+
diff --git a/tests/Controller/FinishResponseTest.php b/tests/Controller/FinishResponseTest.php
new file mode 100644
index 00000000000..513780469f3
--- /dev/null
+++ b/tests/Controller/FinishResponseTest.php
@@ -0,0 +1,29 @@
+client->request('GET', '/');
+
+ $response = $this->client->getResponse();
+
+ $this->assertSame('sameorigin', $response->headers->get('X-Frame-Options'));
+ }
+}