diff --git a/app.js b/app.js
index e4f0ca8..5933b46 100644
--- a/app.js
+++ b/app.js
@@ -14,6 +14,30 @@ if (process.env.NODE_ENV == 'production') {
 app.use(require('koa-logger')());
 }
+app.use(require('koa-helmet')({
+ hsts: false,
+ frameguard: {
+ action: 'deny'
+ },
+ referrerPolicy: {
+ policy: 'strict-origin'
+ },
+ contentSecurityPolicy: {
+ directives: {
+ 'default-src': ["'none'"],
+ 'base-uri': ["'none'"],
+ 'connect-src': ["'self'"],
+ 'font-src': ["'self'", 'https://fonts.gstatic.com'],
+ 'form-action': ["'self'"],
+ 'frame-ancestors': ["'none'"],
+ 'img-src': ["'self'", 'https:', 'data:'],
+ 'object-src': ["'none'"],
+ 'script-src': ["'self'", 'https://cdnjs.cloudflare.com', 'https://code.jquery.com'],
+ 'style-src': ["'self'", 'https://fonts.googleapis.com', 'https://cdnjs.cloudflare.com'],
+ 'block-all-mixed-content': true
+ }
+ }
+}));
 app.use(require('koa-compress')());
 app.use(require('koa-static-cache')(path.join(__dirname, 'public'), {
 maxAge: config.cacheAge
diff --git a/package.json b/package.json
index d5ca0a3..442e0e4 100644
--- a/package.json
+++ b/package.json
@@ -32,6 +32,7 @@
 "koa-compress": "^5.0.1",
 "koa-conditional-get": "^2.0.0",
 "koa-etag": "^3.0.0",
+ "koa-helmet": "^5.2.0",
 "koa-logger": "^3.2.1",
 "koa-router": "^9.1.0",
 "koa-static-cache": "^5.1.3",
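Review bot: `'script-src'` allow-lists the entire `https://cdnjs.cloudflare.com` and `https://code.jquery.com` origins, so any file hosted on those shared CDNs — including old library builds that are known to serve as CSP-bypass gadgets — becomes executable on this page, which makes the policy far weaker than the `'none'` defaults around it suggest; pin the entries to the exact script URLs the templates load (e.g. `'https://code.jquery.com/jquery-<version>.min.js'`) or use `'sha256-…'` hashes, and add `integrity`/`crossorigin` attributes on the matching `<script>` tags (outside this diff) so a compromised CDN cannot swap the file. `hsts: false` switches off the one header koa-helmet enables by default; that is only safe if TLS and HSTS are applied by a terminating proxy in front of the app, which the diff does not show, so a comment such as `hsts: false, // HSTS is emitted by the reverse proxy` would stop the next reader from re-enabling or questioning it blindly. `'img-src': 'https:'` likewise admits images from any HTTPS origin, broad but presumably intentional for user-supplied content. `block-all-mixed-content` is deprecated by current browsers in favour of `upgrade-insecure-requests`; it is harmless to keep, but it should not be relied on as the mixed-content control.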