diff --git a/app/index.js b/app/index.js
index d685c229..6f2c17dc 100644
--- a/app/index.js
+++ b/app/index.js
@@ -5,6 +5,7 @@ import logger from 'morgan';
 import cookie_parser from 'cookie-parser';
 import body_parser from 'body-parser';
 import moment from 'moment';
+import helmet from 'helmet';
 import hogan from 'hogan-express';
 import session from 'express-session';
 import passport from 'passport';
@@ -85,6 +86,7 @@ function initialize(config) {
 
   // Setup Express
   app.use(logger('dev'));
+  app.use(helmet());
   app.use(body_parser.json());
   app.use(body_parser.urlencoded({ extended: false }));
   app.use(cookie_parser());
diff --git a/package-lock.json b/package-lock.json
index c8321f4b..4fb4b582 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -19,6 +19,7 @@
         "extend": "3.0.2",
         "fs-extra": "11.2.0",
         "glob": "10.4.2",
+        "helmet": "7.1.0",
         "hogan-express": "0.5.2",
         "js-yaml": "4.1.0",
         "lunr": "2.3.9",
@@ -4360,6 +4361,14 @@
         "node": ">= 0.4"
       }
     },
+    "node_modules/helmet": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/helmet/-/helmet-7.1.0.tgz",
+      "integrity": "sha512-g+HZqgfbpXdCkme/Cd/mZkV0aV3BZZZSugecH03kl38m/Kmdx8jKjBikpDj2cr+Iynv4KpYEviojNdTJActJAg==",
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
     "node_modules/hexoid": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/hexoid/-/hexoid-1.0.0.tgz",
diff --git a/package.json b/package.json
index 610a7cc4..293e8e67 100644
--- a/package.json
+++ b/package.json
@@ -66,6 +66,7 @@
     "extend": "3.0.2",
     "fs-extra": "11.2.0",
     "glob": "10.4.2",
+    "helmet": "7.1.0",
     "hogan-express": "0.5.2",
     "js-yaml": "4.1.0",
     "lunr": "2.3.9",