diff --git a/frappe/website/doctype/web_form/web_form.json b/frappe/website/doctype/web_form/web_form.json
index 9509ceae0a..5586beb207 100644
--- a/frappe/website/doctype/web_form/web_form.json
+++ b/frappe/website/doctype/web_form/web_form.json
@@ -31,6 +31,7 @@
 "allow_comments",
 "show_attachments",
 "allow_incomplete",
+ "allowed_embedding_domains",
 "section_break_2",
 "max_attachment_size",
 "condition_section",
@@ -401,13 +402,19 @@
 "fieldname": "hide_footer",
 "fieldtype": "Check",
 "label": "Hide footer"
+ },
+ {
+ "description": "Specify the domains or origins that are permitted to embed this form. Enter one domain per line (e.g., https://example.com). If no domains are specified, the form can only be embedded on the same origin.",
+ "fieldname": "allowed_embedding_domains",
+ "fieldtype": "Small Text",
+ "label": "Allowed Embedding Domains"
 }
 ],
 "has_web_view": 1,
 "icon": "icon-edit",
 "is_published_field": "published",
 "links": [],
- "modified": "2024-09-11 14:28:39.391595",
+ "modified": "2024-10-18 11:19:53.969109",
 "modified_by": "Administrator",
 "module": "Website",
 "name": "Web Form",
diff --git a/frappe/website/doctype/web_form/web_form.py b/frappe/website/doctype/web_form/web_form.py
index 03c87b68e7..3c52f4af5b 100644
--- a/frappe/website/doctype/web_form/web_form.py
+++ b/frappe/website/doctype/web_form/web_form.py
@@ -34,6 +34,7 @@ class WebForm(WebsiteGenerator):
 allow_incomplete: DF.Check
 allow_multiple: DF.Check
 allow_print: DF.Check
+ allowed_embedding_domains: DF.SmallText | None
 anonymous: DF.Check
 apply_document_permissions: DF.Check
 banner_image: DF.AttachImage | None
diff --git a/frappe/website/page_renderers/web_form.py b/frappe/website/page_renderers/web_form.py
index 74996e4a78..2567451bd3 100644
--- a/frappe/website/page_renderers/web_form.py
+++ b/frappe/website/page_renderers/web_form.py
@@ -1,3 +1,4 @@
+import frappe
 from frappe.website.page_renderers.document_page import DocumentPage
 from frappe.website.router import get_page_info_from_web_form
@@ -8,6 +9,14 @@ class WebFormPage(DocumentPage):
 if web_form:
 self.doctype = "Web Form"
 self.docname = web_form.name
+ self.set_headers()
 return True
 else:
 return False
+
+ def set_headers(self):
+ doc = frappe.get_cached_doc(self.doctype, self.docname)
+ allowed_embedding_domains = doc.allowed_embedding_domains
+ if allowed_embedding_domains:
+ allowed_embedding_domains = allowed_embedding_domains.replace("\n", " ")
+ self.headers = {"Content-Security-Policy": f"frame-ancestors 'self' {allowed_embedding_domains}"}
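Review bot: In `set_headers`, `allowed_embedding_domains.replace("\n", " ")` strips only LF, so a value saved with CRLF line endings (which a browser textarea may well produce) leaves `\r` inside the header value, and the individual lines are never checked to be CSP source expressions, so a stray `;` or `,` in one line would alter the policy rather than just one source. Splitting on all whitespace handles both line-ending variants and blank lines, `allowed_embedding_domains = " ".join(allowed_embedding_domains.split())`, and each token should additionally be rejected if it contains `;` or `,` before it is joined into the directive. When the field is empty no header is emitted at all, so the "same origin only" behaviour promised by the field description in web_form.json holds only if the server already sends a frame-ancestors policy, which this diff does not show. Whether `self.headers` is consumed by the base renderer cannot be verified from this hunk, and the method that calls `self.set_headers()` begins outside it.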