diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyRequestInfoInterceptor.java b/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyRequestInfoInterceptor.java
index 2a5858f83..658dbdee1 100644
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyRequestInfoInterceptor.java
+++ b/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyRequestInfoInterceptor.java
@@ -21,7 +21,7 @@ public class ShopifyRequestInfoInterceptor extends HandlerInterceptorAdapter {
 if (AnnotatedElementUtils.isAnnotated(method, ShopifyEndpoint.class)) {
 String shop = request.getParameter("shop");
 if (StringUtils.isNotBlank(shop)) {
- response.addHeader("Content-Security-Policy", "frame-ancestors https://" + shop + ".myshopify.com https://admin.shopify.com");
+ response.addHeader("Content-Security-Policy", "frame-ancestors 'none'");
 }
 }
 }
@@ -32,7 +32,7 @@ public class ShopifyRequestInfoInterceptor extends HandlerInterceptorAdapter {
 JSONObject body = JSONObject.parseObject(requestBody);
 String shop = body.getString("shop_domain");
 if (StringUtils.isNotBlank(shop)) {
- response.addHeader("Content-Security-Policy", "frame-ancestors https://" + shop + ".myshopify.com https://admin.shopify.com");
+ response.addHeader("Content-Security-Policy", "frame-ancestors 'none'");
 }
 }
 }
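Review bot: The `frame-ancestors 'none'` header is still emitted only inside `if (StringUtils.isNotBlank(shop))`, so a request to a `ShopifyEndpoint` handler that omits the `shop` parameter gets no framing restriction, and the caller controls that parameter. Since the value no longer depends on `shop`, the lookup and guard can be dropped and `response.addHeader("Content-Security-Policy", "frame-ancestors 'none'");` placed directly under the `isAnnotated` check. The same guard on `shop_domain` in the second hunk has the same gap. If older browsers without `frame-ancestors` support matter, an `X-Frame-Options: DENY` header alongside it would cover them. The enclosing method starts and ends outside the hunk.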
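Review bot: With the header value now constant, `JSONObject.parseObject(requestBody)` and the `shop_domain` lookup in this branch only decide whether the header is sent, so the interceptor parses an untrusted request body for no remaining purpose. If `parseObject` returns null or throws on an empty or malformed body (its behaviour is not visible here), `body.getString("shop_domain")` fails before any header is added and the response goes out without the policy. Consider removing the parse from this branch and adding the header unconditionally; if `shop_domain` is still needed elsewhere, guard it with `if (body != null)`. The surrounding method is outside the hunk.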