diff --git a/app/Controllers/Episode.php b/app/Controllers/Episode.php
index 477a5cad979cdf9ea35f05dc5ddf7e2eba722210..a4a8ce21026888c3aef9df705b2f3282d4ea3203 100644
--- a/app/Controllers/Episode.php
+++ b/app/Controllers/Episode.php
@@ -88,6 +88,8 @@ class Episode extends BaseController
 
     public function embeddablePlayer($theme = 'light-transparent')
     {
+        header('Content-Security-Policy: frame-ancestors https://* http://*');
+
         self::triggerWebpageHit($this->episode->podcast_id);
 
         $session = \Config\Services::session();