diff --git a/backend/tabby/app/views.py b/backend/tabby/app/views.py
index c1e4d3a..07ae0dd 100644
--- a/backend/tabby/app/views.py
+++ b/backend/tabby/app/views.py
@@ -25,7 +25,7 @@ class TerminalView(APIView):
 class DemoView(APIView):
     def get(self, request, format=None):
         response = static.serve(request, 'demo.html', document_root=str(settings.STATIC_ROOT))
-        response['X-Frame-Options'] = 'ALLOW-FROM https://tabby.sh'
+        response['Content-Security-Policy'] = 'frame-ancestors https://tabby.sh'
         return response