diff --git a/lib/headers.php b/lib/headers.php
index d368270..6536ab4 100644
--- a/lib/headers.php
+++ b/lib/headers.php
@@ -25,9 +25,11 @@ if (($_GET || $_POST) && (!isset($_REQUEST["csrf"]) || $_REQUEST["csrf"] !== $_S
 POST: ".xssClean(var_export($_POST, true),"html"));
 }
 
-// Set our security related headers
-header("X-Frame-Options: SAMEORIGIN"); // Only frames of same origin
-header("X-XSS-Protection: 1; mode=block"); // Turn on IE8-9 XSS prevention tools
-// header("X-Content-Security-Policy: allow 'self'"); // Only allows JS on same domain & not inline to run
-header("X-Content-Type-Options: nosniff"); // Prevent MIME based attacks
+if (!headers_sent()) {
+ // Set our security related headers
+ header("X-Frame-Options: SAMEORIGIN"); // Only frames of same origin
+ header("X-XSS-Protection: 1; mode=block"); // Turn on IE8-9 XSS prevention tools
+ // header("X-Content-Security-Policy: allow 'self'"); // Only allows JS on same domain & not inline to run
+ header("X-Content-Type-Options: nosniff"); // Prevent MIME based attacks
+}
 ?>
\ No newline at end of file
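Review bot: The new `headers_sent()` guard turns a loud warning into a silent loss of every security header — when output has already started, the response goes out without X-Frame-Options or nosniff and nothing records that it happened. Use the by-reference form so the cause is logged: `if (headers_sent($file, $line)) {` / `    error_log("security headers skipped: output began at $file:$line");` / `} else { ... }` around the existing `header()` calls. The usual trigger is whitespace after a closing `?>` in an included PHP-only file; this file's own trailing `?>` (already without a newline) could simply be removed rather than worked around. Separately, `X-XSS-Protection` is ignored by current browsers and the commented-out `X-Content-Security-Policy` is the old prefixed name — the standard `Content-Security-Policy` header is the one worth adding, though the CSP value itself is not in this hunk.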