diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8c5d74c4..d3ce0e91 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ _This release is scheduled to be released on 2022-07-01._
 
 ### Added
 
+- Added a new config option `httpHeaders` used by helmet (see https://helmetjs.github.io/). You can now set own httpHeaders which will override the defaults in `js/defauls.js` which is useful e.g. if you want to embed MagicMirror into annother website (solves #2847).
 - Show endDate for calendar events when dateHeader is enabled and showEnd is set to true (#2192)
 - Added the notification emitting from the weather module on infromation updated.
 
diff --git a/js/defaults.js b/js/defaults.js
index a897077a..b2edb8e4 100644
--- a/js/defaults.js
+++ b/js/defaults.js
@@ -25,6 +25,9 @@ const defaults = {
 	units: "metric",
 	zoom: 1,
 	customCss: "css/custom.css",
+	// httpHeaders used by helmet, see https://helmetjs.github.io/. You can add other/more object values by overriding this in config.js,
+	// e.g. you need to add `frameguard: false` for embedding MagicMirror in another website, see https://github.com/MichMich/MagicMirror/issues/2847
+	httpHeaders: { contentSecurityPolicy: false, crossOriginOpenerPolicy: false, crossOriginEmbedderPolicy: false, crossOriginResourcePolicy: false, originAgentCluster: false },
 
 	modules: [
 		{
diff --git a/js/server.js b/js/server.js
index 7a298cdb..3e73e99a 100644
--- a/js/server.js
+++ b/js/server.js
@@ -69,7 +69,7 @@ function Server(config, callback) {
 			res.status(403).send("This device is not allowed to access your mirror. <br> Please check your config.js or config.js.sample to change this.");
 		});
 	});
-	app.use(helmet({ contentSecurityPolicy: false, crossOriginOpenerPolicy: false, crossOriginEmbedderPolicy: false, crossOriginResourcePolicy: false, originAgentCluster: false }));
+	app.use(helmet(config.httpHeaders));
 
 	app.use("/js", express.static(__dirname));