diff --git a/commons/src/main/java/lcsb/mapviewer/common/Configuration.java b/commons/src/main/java/lcsb/mapviewer/common/Configuration.java
index e8fb36c07b1f78c338d1c670e62a6df650d42845..6aafe5c110fb65d9460fc1da141b5e68bc5360f4 100644
--- a/commons/src/main/java/lcsb/mapviewer/common/Configuration.java
+++ b/commons/src/main/java/lcsb/mapviewer/common/Configuration.java
@@ -4,6 +4,8 @@ import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileReader;
 import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
 
 import org.apache.log4j.Logger;
 
@@ -142,7 +144,7 @@ public final class Configuration {
   /**
    * Address that should be allowed to use x-frame.
    */
-  private static String xFrametDomain = null;
+  private static List<String> xFrametDomain = new ArrayList<>();
 
   /**
    * Directory where tomcat webapp folder is located. Default value is "." because
@@ -360,17 +362,17 @@ public final class Configuration {
    * @return the xFrametDomain
    * @see #xFrametDomain
    */
-  public static String getxFrameDomain() {
+  public static List<String> getxFrameDomain() {
     return xFrametDomain;
   }
 
   /**
-   * @param xFrametDomain
+   * @param xFrametDomains
    *          the xFrametDomain to set
    * @see #xFrametDomain
    */
-  public static void setxFrameDomain(String xFrametDomain) {
-    Configuration.xFrametDomain = xFrametDomain;
+  public static void setxFrameDomain(List<String> xFrametDomains) {
+    Configuration.xFrametDomain = xFrametDomains;
   }
 
   /**
diff --git a/commons/src/test/java/lcsb/mapviewer/common/ConfigurationTest.java b/commons/src/test/java/lcsb/mapviewer/common/ConfigurationTest.java
index 9daf7394373f94c19705081f3f4ed836bfb5fe91..14b510510c8cdc55d2ab966951a8969610fb593f 100644
--- a/commons/src/test/java/lcsb/mapviewer/common/ConfigurationTest.java
+++ b/commons/src/test/java/lcsb/mapviewer/common/ConfigurationTest.java
@@ -6,6 +6,8 @@ import static org.junit.Assert.assertNotNull;
 
 import java.io.File;
 import java.lang.reflect.Constructor;
+import java.util.ArrayList;
+import java.util.List;
 
 import org.apache.log4j.Logger;
 import org.junit.After;
@@ -66,7 +68,8 @@ public class ConfigurationTest extends CommonTestFunctions{
 
 	@Test
 	public void testXGetSystemVersion() {
-		String frame = "test";
+		List<String> frame = new ArrayList<>();
+		frame.add("test");
 		Configuration.setxFrameDomain(frame);
 		assertEquals(frame, Configuration.getxFrameDomain());
 	}
diff --git a/service/src/main/java/lcsb/mapviewer/services/impl/ConfigurationService.java b/service/src/main/java/lcsb/mapviewer/services/impl/ConfigurationService.java
index 0a3a70d0c3956eab4739b1db62ffd2b91105e0b3..5cc62565ad691134cf01c768a2aeb9f8f0b7db36 100644
--- a/service/src/main/java/lcsb/mapviewer/services/impl/ConfigurationService.java
+++ b/service/src/main/java/lcsb/mapviewer/services/impl/ConfigurationService.java
@@ -8,6 +8,7 @@ import org.apache.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 
+import lcsb.mapviewer.common.Configuration;
 import lcsb.mapviewer.common.FrameworkVersion;
 import lcsb.mapviewer.model.user.ConfigurationElementType;
 import lcsb.mapviewer.model.user.ConfigurationOption;
@@ -63,6 +64,13 @@ public class ConfigurationService implements IConfigurationService {
     }
     configuration.setValue(value);
     configurationDao.add(configuration);
+
+    if (type.equals(ConfigurationElementType.X_FRAME_DOMAIN)) {
+      Configuration.getxFrameDomain().clear();
+      for (String domain : getConfigurationValue(ConfigurationElementType.X_FRAME_DOMAIN).split(";")) {
+        Configuration.getxFrameDomain().add(domain);
+      }
+    }
   }
 
   @Override
diff --git a/web/src/main/java/lcsb/mapviewer/bean/utils/StartupBean.java b/web/src/main/java/lcsb/mapviewer/bean/utils/StartupBean.java
index 380de5359833e754b56d9c6edc6cbe49b9581631..9fafff8679eaa72c8d1cfa255e4f5d1230ccf37e 100644
--- a/web/src/main/java/lcsb/mapviewer/bean/utils/StartupBean.java
+++ b/web/src/main/java/lcsb/mapviewer/bean/utils/StartupBean.java
@@ -78,8 +78,10 @@ public class StartupBean {
 
   private void modifyXFrameDomain() {
     try {
-      Configuration
-          .setxFrameDomain(configurationService.getConfigurationValue(ConfigurationElementType.X_FRAME_DOMAIN));
+      for (String domain : configurationService.getConfigurationValue(ConfigurationElementType.X_FRAME_DOMAIN)
+          .split(";")) {
+        Configuration.getxFrameDomain().add(domain);
+      }
     } catch (Exception e) {
       logger.error("Problem with modyfing x frame domain...", e);
     }
diff --git a/web/src/main/java/lcsb/mapviewer/bean/utils/XFrameAccessControlFilter.java b/web/src/main/java/lcsb/mapviewer/bean/utils/XFrameAccessControlFilter.java
index d9b09421ac8843d5402537275f63dab9da57b0d4..eaedccd574c8bd032dec3e165b2e66e65b6ad7ea 100644
--- a/web/src/main/java/lcsb/mapviewer/bean/utils/XFrameAccessControlFilter.java
+++ b/web/src/main/java/lcsb/mapviewer/bean/utils/XFrameAccessControlFilter.java
@@ -1,6 +1,7 @@
 package lcsb.mapviewer.bean.utils;
 
 import java.io.IOException;
+import java.util.List;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -22,30 +23,39 @@ import lcsb.mapviewer.common.Configuration;
  *
  */
 public class XFrameAccessControlFilter implements Filter {
-	/**
-	 * Default class logger.
-	 */
-	@SuppressWarnings("unused")
-	private final Logger logger = Logger.getLogger(XFrameAccessControlFilter.class);
-
-	@Override
-	public void init(FilterConfig config) throws ServletException {
-	}
-
-	@Override
-	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
-		HttpServletResponse response = (HttpServletResponse) res;
-		String domain = Configuration.getxFrameDomain();
-		if (new UrlValidator().isValid(domain) || (domain != null && domain.contains("localhost"))) {
-			response.addHeader("X-Frame-Options", "ALLOW-FROM " + domain);
-		} else {
-			response.addHeader("X-Frame-Options", "DENY");
-		}
-		chain.doFilter(req, response);
-	}
-
-	@Override
-	public void destroy() {
-	}
+  /**
+   * Default class logger.
+   */
+  @SuppressWarnings("unused")
+  private final Logger logger = Logger.getLogger(XFrameAccessControlFilter.class);
+
+  @Override
+  public void init(FilterConfig config) throws ServletException {
+  }
+
+  @Override
+  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+      throws IOException, ServletException {
+    HttpServletResponse response = (HttpServletResponse) res;
+    List<String> domains = Configuration.getxFrameDomain();
+
+    String value = "frame-ancestors ";
+    for (String domain : domains) {
+      if (new UrlValidator().isValid(domain) || (domain != null && domain.contains("localhost"))) {
+        value += domain + " ";
+      }
+    }
+    
+    if (!value.equals("frame-ancestors ")) {
+      response.addHeader("Content-Security-Policy", value);
+    } else {
+      response.addHeader("X-Frame-Options", "DENY");
+    }
+    chain.doFilter(req, response);
+  }
+
+  @Override
+  public void destroy() {
+  }
 
 }