diff --git a/modules/kubernetes/ingress_factory/main.tf b/modules/kubernetes/ingress_factory/main.tf
index 89e8bc7c..6a871afd 100644
--- a/modules/kubernetes/ingress_factory/main.tf
+++ b/modules/kubernetes/ingress_factory/main.tf
@@ -119,6 +119,8 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
       "nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF
       limit_req_status 429;
       limit_conn_status 429;
+      # Prevent iframe embedding (clickjacking protection) - allow subdomains only
+      add_header Content-Security-Policy "frame-ancestors 'self' *.viktorbarzin.me viktorbarzin.me" always;
       ${var.rybbit_site_id != null ? <<-JS
         # Rybbit Analytics
         # Only modify HTML
diff --git a/terraform.tfstate b/terraform.tfstate
index 562765a9..4bcceff9 100644
Binary files a/terraform.tfstate and b/terraform.tfstate differ