diff --git a/src/frontend/src/flows/authorize/postMessageInterface.ts b/src/frontend/src/flows/authorize/postMessageInterface.ts
index 6e858b8637..7c4859bebf 100644
--- a/src/frontend/src/flows/authorize/postMessageInterface.ts
+++ b/src/frontend/src/flows/authorize/postMessageInterface.ts
@@ -131,6 +131,11 @@ const waitForRequest = (): Promise<{
 }> => {
 return new Promise((resolve) => {
 const messageEventHandler = (evnt: MessageEvent) => {
+ if (evnt.origin === window.location.origin) {
+ // Ignore messages from own origin (e.g. from browser extensions)
+ console.warn("Ignoring message from own origin", evnt);
+ return;
+ }
 const message: unknown = evnt.data;
 const result = AuthRequest.safeParse(message);
diff --git a/src/frontend/src/flows/verifiableCredentials/postMessageInterface.ts b/src/frontend/src/flows/verifiableCredentials/postMessageInterface.ts
index e2a5c55ef0..871efeeb01 100644
--- a/src/frontend/src/flows/verifiableCredentials/postMessageInterface.ts
+++ b/src/frontend/src/flows/verifiableCredentials/postMessageInterface.ts
@@ -71,6 +71,11 @@ const waitForRequest = (): Promise<{
 }> => {
 return new Promise((resolve) => {
 const messageEventHandler = (evnt: MessageEvent) => {
+ if (evnt.origin === window.location.origin) {
+ // Ignore messages from own origin (e.g. from browser extensions)
+ console.warn("Ignoring message from own origin", evnt);
+ return;
+ }
 const message: unknown = evnt.data;
 const result = VcFlowRequest.safeParse(message);
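Review bot: The new guard in the authorize `messageEventHandler` passes the whole `MessageEvent` to `console.warn`, so every same-origin message (extensions can post these frequently) writes its arbitrary `data` payload to the console at warning level; a fixed string is enough here, `console.warn("Ignoring message from own origin");`, or the call could drop to `console.debug`. The identical block is added to the verifiable-credentials `waitForRequest` in the second hunk and the same applies there; since the two copies are the same line for line, a small shared helper would keep the two flows from drifting apart. The guard excludes only the page's own origin, so a message from any other origin still reaches `safeParse`; the handler continues outside both hunks, so whether the sender is validated further cannot be seen from here.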