diff --git a/Dockerfile b/Dockerfile
index 450e1026..c3706056 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,9 +13,11 @@ ENV API_KEY="**None**" \
 PORT="8080" \
 PORT_IPV6="" \
 BASE_URL="/" \
- SWAGGER_JSON_URL=""
+ SWAGGER_JSON_URL="" \
+ CORS="true" \
+ EMBEDDING="false"
-COPY --chown=nginx:nginx --chmod=0666 ./docker/default.conf.template ./docker/cors.conf /etc/nginx/templates/
+COPY --chown=nginx:nginx --chmod=0666 ./docker/default.conf.template ./docker/cors.conf ./docker/embedding.conf /etc/nginx/templates/
 COPY --chmod=0666 ./dist/* /usr/share/nginx/html/
 COPY --chmod=0555 ./docker/docker-entrypoint.d/ /docker-entrypoint.d/
diff --git a/docker/default.conf.template b/docker/default.conf.template
index 893f7cd0..8f29eb3d 100644
--- a/docker/default.conf.template
+++ b/docker/default.conf.template
@@ -38,5 +38,6 @@
 }
 include templates/cors.conf;
+ include templates/embedding.conf;
 }
 }
diff --git a/docker/docker-entrypoint.d/40-swagger-ui.sh b/docker/docker-entrypoint.d/40-swagger-ui.sh
index d1fae87b..487d92d2 100755
--- a/docker/docker-entrypoint.d/40-swagger-ui.sh
+++ b/docker/docker-entrypoint.d/40-swagger-ui.sh
@@ -39,4 +39,14 @@ if [[ -n "${PORT_IPV6}" ]]; then
 sed -i "s|${PORT};|${PORT};\n listen [::]:${PORT_IPV6};|g" $NGINX_CONF
 fi
+# enable/disable CORS
+if [ "$CORS" != "true" ]; then
+ truncate -s 0 /etc/nginx/templates/cors.conf
+fi
+
+# allow/disallow embedding the swagger-ui in frames/iframes from different origins
+if [ "$EMBEDDING" != "false" ]; then
+ truncate -s 0 /etc/nginx/templates/embedding.conf
+fi
+
 find $NGINX_ROOT -type f -regex ".*\.\(html\|js\|css\)" -exec sh -c "gzip < {} > {}.gz" \;
diff --git a/docker/embedding.conf b/docker/embedding.conf
new file mode 100644
index 00000000..e62a64bb
--- /dev/null
+++ b/docker/embedding.conf
@@ -0,0 +1,5 @@
+#
+# Prevent displaying inside an iframe
+#
+add_header 'X-Frame-Options' 'DENY' always;
+add_header 'Content-Security-Policy' "frame-ancestors 'none'" always;
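Review bot: In the Dockerfile hunk, `./docker/embedding.conf` is copied under the same `--chmod=0666` as the other templates, so the file that carries the anti-framing headers is writable by every user in the container. That mode is presumably what lets the entrypoint truncate the file when the container runs under an arbitrary UID, but the reason is not visible in this hunk; a comment above the `COPY`, such as `# world-writable so the entrypoint can edit these files under any runtime UID`, would record it. The `ENV` instruction starts outside the hunk.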
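Review bot: In docker/default.conf.template the new `include templates/embedding.conf;` is added at one level only, and nginx inherits `add_header` directives from the enclosing level only when the current level defines none of its own. The `}` just above the include closes an inner block whose body is outside this hunk. If that block, or any other nested location, has its own `include templates/cors.conf;`, its responses will carry the CORS headers but neither `X-Frame-Options` nor `Content-Security-Policy` while CORS is enabled. Should that be the case, place `include templates/embedding.conf;` next to each nested `include templates/cors.conf;` as well.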
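Review bot: In docker/docker-entrypoint.d/40-swagger-ui.sh the `EMBEDDING` test fails open: `[ "$EMBEDDING" != "false" ]` empties `embedding.conf` for every value other than the exact string `false`, so `False`, `0`, `no`, an empty value or a typo silently removes the anti-framing headers. Strip them only on an explicit opt-in, `if [ "$EMBEDDING" = "true" ]; then`, which also matches the `CORS` check above, where an unexpected value leaves the more restrictive setting in place. The exit status of `truncate` is not checked, and whether the script runs under `set -e` is not visible in this hunk. If it does not, a failed truncate of `cors.conf` (a read-only filesystem, for instance) leaves CORS enabled although the operator turned it off; `truncate -s 0 /etc/nginx/templates/cors.conf || exit 1` would surface that.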
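Review bot: In docker/embedding.conf, `X-Frame-Options: DENY` and `frame-ancestors 'none'` forbid all framing, same-origin pages included, while the entrypoint comment in this commit describes the switch as governing frames "from different origins". The header comment should state the real scope, for example `# Prevent displaying inside any frame or iframe, including same-origin pages`. If same-origin embedding is meant to stay possible by default, the values would instead be `SAMEORIGIN` and `frame-ancestors 'self'`; which of the two is intended cannot be told from the diff.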