diff --git a/backend/routes/knowledgeBase.js b/backend/routes/knowledgeBase.js
index 2898714..6362bcc 100644
--- a/backend/routes/knowledgeBase.js
+++ b/backend/routes/knowledgeBase.js
@@ -241,6 +241,9 @@ function createKnowledgeBaseRouter(db, upload) {
       res.setHeader('Content-Type', contentType);
       // Use inline instead of attachment to allow browser to display
       res.setHeader('Content-Disposition', `inline; filename="${row.file_name}"`);
+      // Allow iframe embedding from frontend origin
+      res.removeHeader('X-Frame-Options');
+      res.setHeader('Content-Security-Policy', "frame-ancestors 'self' http://71.85.90.9:3000 http://localhost:3000");
       res.sendFile(row.file_path);
     });
   });