diff --git a/server/core/response.go b/server/core/response.go
index fc15e420..70050a19 100644
--- a/server/core/response.go
+++ b/server/core/response.go
@@ -69,7 +69,10 @@ func (r *Response) commonHeaders() {
 	r.writer.Header().Set("X-XSS-Protection", "1; mode=block")
 	r.writer.Header().Set("X-Content-Type-Options", "nosniff")
 	r.writer.Header().Set("X-Frame-Options", "DENY")
-	r.writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src *; media-src *; frame-src *")
+
+	// Even if the directive "frame-src" has been deprecated in Firefox,
+	// we keep it to stay compatible with other browsers.
+	r.writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src *; media-src *; frame-src *; child-src *")
 }
 
 // NewResponse returns a new Response.