diff --git a/admin/code/LeftAndMain.php b/admin/code/LeftAndMain.php
index 8ea523846..268229dd0 100644
--- a/admin/code/LeftAndMain.php
+++ b/admin/code/LeftAndMain.php
@@ -457,6 +457,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
 
 		// Prevent clickjacking, see https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
 		$this->response->addHeader('X-Frame-Options', 'SAMEORIGIN');
+		$this->response->addHeader('Vary', 'X-Requested-With');
 		
 		return $response;
 	}