diff --git a/htdocs/install/inc.php b/htdocs/install/inc.php
index 6ca9a99cdcf..a20c3489866 100644
--- a/htdocs/install/inc.php
+++ b/htdocs/install/inc.php
@@ -195,6 +195,10 @@ if (preg_match('/install\.lock/i', $_SERVER["SCRIPT_FILENAME"])) {
 		$langs->setDefaultLang('auto');
 	}
 	$langs->load("install");
+
+	header("X-Content-Type-Options: nosniff");
+	header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
+
 	print $langs->trans("YouTryInstallDisabledByDirLock");
 	if (!empty($dolibarr_main_url_root)) {
 		print 'Click on following link, <a href="'.$dolibarr_main_url_root.'/admin/index.php?mainmenu=home&leftmenu=setup'.(GETPOSTISSET("login") ? '&username='.urlencode(GETPOST("login")) : '').'">';
@@ -216,6 +220,10 @@ if (@file_exists($lockfile)) {
 		$langs->setDefaultLang('auto');
 	}
 	$langs->load("install");
+
+	header("X-Content-Type-Options: nosniff");
+	header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
+
 	print $langs->trans("YouTryInstallDisabledByFileLock");
 	if (!empty($dolibarr_main_url_root)) {
 		print $langs->trans("ClickOnLinkOrRemoveManualy").'<br>';