diff --git a/js/cross_framing_protection.js b/js/cross_framing_protection.js
new file mode 100644
index 000000000..e69d162b3
--- /dev/null
+++ b/js/cross_framing_protection.js
@@ -0,0 +1,20 @@
+/* vim: set expandtab sw=4 ts=4 sts=4: */
+/**
+ * Conditionally called from libraries/header_scripts.inc.php
+ * if third-party framing is not allowed
+ *
+ */
+
+try {
+    // can't access this if on a different domain
+    var topdomain = top.document.domain;
+    // double-check just for sure
+    if (topdomain != self.document.domain) {
+        alert("Redirecting...");
+        top.location.replace(self.document.URL.substring(0, self.document.URL.lastIndexOf("/")+1));
+    }
+}
+catch(e) {
+    alert("Redirecting... (error: " + e);
+    top.location.replace(self.document.URL.substring(0, self.document.URL.lastIndexOf("/")+1));
+}
diff --git a/libraries/header_scripts.inc.php b/libraries/header_scripts.inc.php
index bcb6528b3..6a4aacb47 100644
--- a/libraries/header_scripts.inc.php
+++ b/libraries/header_scripts.inc.php
@@ -18,23 +18,7 @@ require_once './libraries/common.inc.php';
 // Cross-framing protection
 if ( false === $GLOBALS['cfg']['AllowThirdPartyFraming']) {
 ?>
-<script type="text/javascript">
-//<![CDATA[
-try {
-    // can't access this if on a different domain
-    var topdomain = top.document.domain;
-    // double-check just for sure
-    if (topdomain != self.document.domain) {
-        alert("Redirecting...");
-        top.location.replace(self.document.URL.substring(0, self.document.URL.lastIndexOf("/")+1));
-    }
-}
-catch(e) {
-    alert("Redirecting... (error: " + e);
-    top.location.replace(self.document.URL.substring(0, self.document.URL.lastIndexOf("/")+1));
-}
-//]]>
-</script>
+<script src="./js/cross_framing_protection.js" type="text/javascript"></script>
 <?php
 }
 // generate title