diff --git a/app/server.go b/app/server.go
index e4c79ae..466cdeb 100644
--- a/app/server.go
+++ b/app/server.go
@@ -2,6 +2,7 @@ package app
 import (
 "brainbaking.com/go-jamming/rest"
+ "github.com/MagnusFrater/helmet"
 "net/http"
 "strconv"
@@ -31,11 +32,14 @@ func Start() {
 r := mux.NewRouter()
 config := common.Configure()
 config.SetupDataDirs()
+ helmet := helmet.Default()
+
 server := &server{router: r, conf: config}
 server.routes()
 http.Handle("/", r)
 r.Use(LoggingMiddleware)
+ r.Use(helmet.Secure)
 r.Use(NewRateLimiter(5, 10).Middleware)
 log.Info().Int("port", server.conf.Port).Msg("Serving...")
diff --git a/go.mod b/go.mod
index 56b3c83..5215333 100644
--- a/go.mod
+++ b/go.mod
@@ -3,6 +3,7 @@ module brainbaking.com/go-jamming
 go 1.16
 require (
+ github.com/MagnusFrater/helmet v1.0.0
 github.com/gorilla/mux v1.8.0
 github.com/hashicorp/go-cleanhttp v0.5.1
 github.com/hashicorp/go-retryablehttp v0.6.8
diff --git a/go.sum b/go.sum
index 113509a..6b61e27 100644
--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,5 @@
+github.com/MagnusFrater/helmet v1.0.0 h1:xzKXDZIXg4ik05MCVHZN3mTOc+3Skzm552nujJ5PzYI=
+github.com/MagnusFrater/helmet v1.0.0/go.mod h1:giGWX/jKRWjf+jxEmKOXyBdtz7VmAK3SEbadVV2pdxA=
 github.com/PuerkitoBio/goquery v1.5.0/go.mod h1:qD2PgZ9lccMbQlc7eEOjaeRlFQON7xY8kdmcsrnKqMg=
 github.com/andybalholm/cascadia v1.0.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
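Review bot: The `r.Use(helmet.Secure)` registration in Start() only covers matched routes, because gorilla/mux does not run middleware for its own 404/405 replies, so those responses leave without the security headers. Wrapping the router where it is mounted, e.g. `http.Handle("/", secureHeaders.Secure(r))`, would cover every response. `helmet := helmet.Default()` also shadows the imported package for the rest of the function; `secureHeaders := helmet.Default()` avoids that. A short comment naming which headers `Default()` is expected to set (the defaults are not visible in this diff) would make the intent reviewable. Start() begins before and continues past this hunk.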
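Review bot: The security headers on every response now depend on a third-party module's defaults rather than on anything in this repository, since app/server.go only calls `helmet.Default()` and sets no header explicitly. Consider configuring the header values in this codebase, or setting them in a small in-repo `func(http.Handler) http.Handler` middleware built on net/http, so the policy is visible and testable here. If the dependency stays, the `v1.0.0` pin and the go.sum hashes added in this commit are what fix its content, so any later upgrade should be reviewed for changed defaults.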