diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 74d56340..fb29d7f3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,6 +2,7 @@ class ApplicationController < ActionController::Base
 protect_from_forgery
 before_filter :get_invite_link
+ after_action :allow_embedding
 # this is for global login
 include ContentHelper
@@ -69,4 +70,11 @@ private
 safe_uri = (unsafe_uri.match(valid_url)) ? unsafe_uri : '//metamaps.cc/'
 @invite_link = "#{safe_uri}join" + (current_user ? "?code=#{current_user.code}" : "")
 end
+
+ def allow_embedding
+ #allow all
+ response.headers.except! 'X-Frame-Options'
+ # or allow a whitelist
+ # response.headers['X-Frame-Options'] = 'ALLOW-FROM http://blog.metamaps.cc'
+ end
 end
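Review bot: Registering `allow_embedding` as an `after_action` on ApplicationController strips `X-Frame-Options` from every response of the application, including logged-in pages (the controller has `protect_from_forgery` and reads `current_user`), so any origin can frame the whole site rather than just the content meant to be embedded; that is the clickjacking protection Rails adds by default, and the removal should not be global. If only certain pages are meant to be embeddable, scope the callback, e.g. `after_action :allow_embedding, only: [<EMBEDDABLE_ACTIONS>]`, or move it to the controller that serves the embeddable views. For the allow-list alternative left in the comment, `ALLOW-FROM` is honored by only some browsers; `response.headers['Content-Security-Policy'] = 'frame-ancestors <ALLOWED_ORIGIN>'` is the widely supported way to permit a specific framing origin. A one-line comment on the method stating which pages are intended to be framed and by whom would make the intent reviewable, since `#allow all` currently reads as a placeholder.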