diff --git a/views/main.go b/views/main.go
index 475a50b..01af20a 100644
--- a/views/main.go
+++ b/views/main.go
@@ -11,6 +11,8 @@ func GetGinEngine(cfg *config.Config, db *gorm.DB) *gin.Engine {
 	engine.LoadHTMLGlob("templates/*")
 	engine.Static("/assets", "./assets")
 
+	engine.Use(SecurityHeadersMiddleware)
+
 	engine.GET("/signin", func(c *gin.Context) {
 		ShowLoginForm(c)
 	})
diff --git a/views/security.go b/views/security.go
new file mode 100644
index 0000000..731d395
--- /dev/null
+++ b/views/security.go
@@ -0,0 +1,14 @@
+package views
+
+import (
+	"github.com/gin-gonic/gin"
+)
+
+// Adds several headers to the response to improve security.
+// For example, headers prevent embedding a site and passing information about the referrer.
+func SecurityHeadersMiddleware(c *gin.Context) {
+	c.Writer.Header().Set("X-Frame-Options", "SAMEORIGIN")
+	c.Writer.Header().Set("X-Content-Type-Options", "nosniff")
+	c.Writer.Header().Set("Referrer-Policy", "same-origin")
+	c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'")
+}
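Review bot: The middleware is registered with `engine.Use` only after `engine.Static("/assets", "./assets")`, and Gin binds a group's middleware chain to each route at registration time, so the `/assets/*` responses will not carry `X-Content-Type-Options: nosniff` or the other headers (a `curl -I /assets/<file>` after this change should confirm). Move the `engine.Use(SecurityHeadersMiddleware)` line above `engine.Static(...)`, ideally as the first thing after the engine is created, so every route including static files gets the headers. `GetGinEngine` starts and ends outside this hunk, so I cannot see whether other routes or groups are registered before this point that would be affected the same way.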
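Review bot: `default-src 'self'` does not govern framing — `frame-ancestors` does not fall back to `default-src` — so the CSP adds no clickjacking protection and only the legacy `X-Frame-Options` header does; making the two consistent is a one-line change, `c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")`. The same policy also blocks inline `<script>`/`<style>` and `style=`/`onclick=` attributes in everything under `templates/*`, which is not visible here; please verify the rendered pages in a browser console before merging rather than discovering it from broken login forms. The doc comment should follow Go convention and start with the identifier, e.g. `// SecurityHeadersMiddleware sets X-Frame-Options, X-Content-Type-Options, Referrer-Policy and a Content-Security-Policy on every response that passes through it.` If TLS is terminated by this process (cannot tell from the hunk), a `Strict-Transport-Security` header would belong in the same place.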