diff --git a/infrastructure/lib/stacks/opensearchNginxProxyReadonly.ts b/infrastructure/lib/stacks/opensearchNginxProxyReadonly.ts
index 506a30f..3456edd 100644
--- a/infrastructure/lib/stacks/opensearchNginxProxyReadonly.ts
+++ b/infrastructure/lib/stacks/opensearchNginxProxyReadonly.ts
@@ -176,6 +176,7 @@ export class OpenSearchMetricsNginxReadonly extends Stack {
                 add_header Strict-Transport-Security "max-age=47304000; includeSubDomains";
                 add_header X-Content-Type-Options "nosniff";
                 add_header X-Frame-Options "DENY";  
+                add_header Content-Security-Policy "frame-ancestors https://opensearch.org";
                 add_header Cache-Control "no-store, no-cache";
                 
                 set $os_endpoint ${nginxProps.opensearchDashboardUrlProps.opensearchDashboardVpcUrl};