diff --git a/package.json b/package.json
index c1bc9ff2..dca5aed4 100644
--- a/package.json
+++ b/package.json
@@ -13,6 +13,7 @@
 "express": "^4.15.3",
 "express-handlebars": "^3.0.0",
 "fs-extra": "^3.0.1",
+ "helmet": "^3.6.1",
 "jquery": "^3.2.1",
 "mozlog": "^2.1.1",
 "node-fetch": "^1.7.1",
diff --git a/server/portal_server.js b/server/portal_server.js
index 03996dc3..52883425 100644
--- a/server/portal_server.js
+++ b/server/portal_server.js
@@ -3,6 +3,7 @@ const exphbs = require('express-handlebars');
 const busboy = require('connect-busboy');
 const path = require('path');
 const bodyParser = require('body-parser');
+const helmet = require('helmet');
 const bytes = require('bytes');
 const conf = require('./config.js');
 const storage = require('./storage.js');
@@ -18,9 +19,9 @@ const app = express();
 app.engine('handlebars', exphbs({ defaultLayout: 'main' }));
 app.set('view engine', 'handlebars');
+app.use(helmet());
 app.use(busboy());
 app.use(bodyParser.json());
-
 app.use(express.static(path.join(__dirname, '../public')));
 app.get('/', (req, res) => {
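Review bot: `app.use(helmet());` in the last hunk of server/portal_server.js is called with defaults only, and in the 3.x line that package.json pins the default set does not include a Content-Security-Policy header, so the rendered handlebars pages still carry no script-source restriction. If that is intended for a later change, say so in the commit; otherwise add an explicit policy next to it, for example `app.use(helmet.contentSecurityPolicy({ directives: { defaultSrc: ["'self'"] } }));`, with the directives adjusted to what the views actually load, which this diff does not show. Registering helmet ahead of `busboy()`, `bodyParser.json()` and `express.static` is the right order, and a short comment such as `// keep helmet first so static files and every route response get the security headers` would stop a later reorder from silently dropping them. The `app.get('/')` handler continues outside the hunk, so its response handling is not reviewed here.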