diff --git a/caravel/config.py b/caravel/config.py
index 8871d95b55..ca378d8cd6 100644
--- a/caravel/config.py
+++ b/caravel/config.py
@@ -220,6 +220,12 @@ CELERY_CONFIG = None
 SQL_CELERY_DB_FILE_PATH = os.path.join(DATA_DIR, 'celerydb.sqlite')
 SQL_CELERY_RESULTS_DB_FILE_PATH = os.path.join(DATA_DIR, 'celery_results.sqlite')
+# static http headers to be served by your Caravel server.
+# The following example prevents iFrame from other domains
+# and "clickjacking" as a result
+# HTTP_HEADERS = {'X-Frame-Options': 'SAMEORIGIN'}
+HTTP_HEADERS = {}
+
 # The db id here results in selecting this one as a default in SQL Lab
 DEFAULT_DB_ID = None
diff --git a/caravel/views.py b/caravel/views.py
index 7b6df5e684..563db9f224 100755
--- a/caravel/views.py
+++ b/caravel/views.py
@@ -1796,6 +1796,14 @@ appbuilder.add_link(
 icon="fa-flask")
+@app.after_request
+def apply_caching(response):
+ """Applies the configuration's http headers to all responses"""
+ for k, v in config.get('HTTP_HEADERS').items():
+ response.headers[k] = v
+ return response
+
+
 # ---------------------------------------------------------------------
 # Redirecting URL from previous names
 class RegexConverter(BaseConverter):
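Review bot: The default `HTTP_HEADERS = {}` in caravel/config.py ships with no framing restriction, so the clickjacking protection described in the comment is opt-in and a fresh install can still be framed by any origin. If embedding dashboards in third-party pages is not a supported default, consider shipping `HTTP_HEADERS = {'X-Frame-Options': 'SAMEORIGIN'}` and letting deployers relax it. Otherwise the comment should say so plainly, e.g. `# Empty by default: responses carry no X-Frame-Options until you set one here.` The comment could also note that these headers are written onto every response and replace a header of the same name set by a view, and that `Content-Security-Policy: frame-ancestors 'self'` is the current equivalent of the X-Frame-Options example.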
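Review bot: In caravel/views.py, `config.get('HTTP_HEADERS').items()` raises AttributeError when the key is absent or set to `None`, and because this runs in an `after_request` hook that would fail every response rather than just skip the headers. Whether a deployment config can reach that state is not visible from this hunk, but the guard is cheap: `for k, v in (config.get('HTTP_HEADERS') or {}).items():`. The name `apply_caching` also does not match what the hook does, since it applies arbitrary static headers (the documented use is a security header); something like `apply_http_headers` would stop a later reader from mistaking it for cache control. The docstring could add that the assignment `response.headers[k] = v` overwrites any same-named header a view has already set.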