diff --git a/src/www/guiconfig.inc b/src/www/guiconfig.inc
index 60b5f48b0..0bc7bd2b6 100644
--- a/src/www/guiconfig.inc
+++ b/src/www/guiconfig.inc
@@ -35,6 +35,7 @@ require_once("config.inc");
 /* CSRF BEGIN: CHECK MUST BE EXECUTED FIRST; NO EXCEPTIONS */
 require_once('csrf.inc');
 /* CSRF END: THANK YOU FOR YOUR COOPERATION */
+header("X-Frame-Options: SAMEORIGIN");
 
 function get_current_theme()
 {
@@ -55,8 +56,6 @@ function html_safe($text)
     return htmlspecialchars($text, ENT_QUOTES | ENT_HTML401);
 }
 
-header("X-Frame-Options: SAMEORIGIN");
-
 require_once("authgui.inc");
 
 /* Reserved table names to avoid colision */