diff --git a/browserid/app.js b/browserid/app.js
index c04100524d285303bd13f2c3e595c242246bb6fa..b0382d432a9ef12e7b143d6e390128567f20ac32 100644
--- a/browserid/app.js
+++ b/browserid/app.js
@@ -87,6 +87,8 @@ function router(app) {
 
   // Used for a relay page for communication.
   app.get('/relay', function(req, res, next ) {
+    // Allow the relay to be run within a frame
+    res.removeHeader('x-frame-options');
     res.render('relay.ejs', {
       layout: false,
       production: configuration.get('use_minified_resources')
@@ -251,7 +253,7 @@ exports.setup = function(server) {
 
   // prevent framing
   server.use(function(req, resp, next) {
-    //resp.setHeader('x-frame-options', 'DENY');
+    resp.setHeader('x-frame-options', 'DENY');
     next();
   });