diff --git a/bin/browserid b/bin/browserid
index f3399bb57408478b01731f1f6993375150f544b3..63fb7ac0952d6770bb52a68ce20c57630da965b6 100755
--- a/bin/browserid
+++ b/bin/browserid
@@ -87,7 +87,7 @@ if (config.get('scheme') == 'https') {
 // #4 - prevent framing of everything.  content underneath that needs to be
 // framed must explicitly remove the x-frame-options
 app.use(function(req, resp, next) {
-  resp.setHeader('x-frame-options', 'DENY');
+  resp.setHeader('x-frame-options', config.get('x_frame_options'));
   next();
 });
 
diff --git a/bin/dbwriter b/bin/dbwriter
index f50e577de773aebaf3592c25c5a8aabb3c5cdca1..978873bd44f333d908011a51638bc12fd9fbce05 100755
--- a/bin/dbwriter
+++ b/bin/dbwriter
@@ -69,7 +69,7 @@ if (config.get('scheme') == 'https') {
 // prevent framing of everything.  content underneath that needs to be
 // framed must explicitly remove the x-frame-options
 app.use(function(req, resp, next) {
-  resp.setHeader('x-frame-options', 'DENY');
+  resp.setHeader('x-frame-options', config.get('x_frame_options'));
   next();
 });
 
diff --git a/bin/static b/bin/static
index adbcdedd6d9950470f62ac332f0ba283a5d85b0e..5164b4ed08fa9ed4bcbb5e4e44cf87308d1114d5 100755
--- a/bin/static
+++ b/bin/static
@@ -69,7 +69,7 @@ if (statsd_config && statsd_config.enabled) {
 // #4 - prevent framing of everything.  content underneath that needs to be
 // framed must explicitly remove the x-frame-options
 app.use(function(req, resp, next) {
-  resp.setHeader('x-frame-options', 'DENY');
+  resp.setHeader('x-frame-options', config.get('x_frame_options'));
   next();
 });
 
diff --git a/lib/configuration.js b/lib/configuration.js
index d0bc838e0498c8143cf585fa614e5fd452b04420..38b33467af2093d6c424a7b59b0c7b8e2f8012fb 100644
--- a/lib/configuration.js
+++ b/lib/configuration.js
@@ -232,6 +232,10 @@ var conf = module.exports = convict({
     doc: "A mapping of domain names to urls, which maps popular email services to shimmed IDP deployments.",
     format: 'object { } *?',
     env: 'PROXY_IDPS' // JSON text, i.e. {"yahoo.com":"yahoo.login.persona.org"}
+  },
+  x_frame_options: {
+    doc: "By default, do not allow BrowserID to be embedded in an IFRAME",
+    format: 'string = "DENY"'
   }
 });