diff --git a/digitaleagentur/settings.py b/digitaleagentur/settings.py
index ff137a4..d9bc4bb 100644
--- a/digitaleagentur/settings.py
+++ b/digitaleagentur/settings.py
@@ -32,7 +32,8 @@ SESSION_COOKIE_SECURE = False
 
 # FOR SUMMERNOTE ORIGIN
 #X_FRAME_OPTIONS = 'SAMEORIGIN'
-X_FRAME_OPTIONS = 'ALLOWALL'
+#X_FRAME_OPTIONS = 'ALLOWALL'
+X_FRAME_OPTIONS = 'SAMEORIGIN'
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/