diff --git a/deploy/.htaccess b/deploy/.htaccess
index 0646b0a..6033990 100644
--- a/deploy/.htaccess
+++ b/deploy/.htaccess
@@ -1,5 +1,9 @@
 RewriteEngine On
 Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
+Header always append X-Frame-Options DENY
+Header set X-Content-Type-Options nosniff
+Header set X-XSS-Protection "1; mode=block"
+Header set Referrer-Policy same-origin
 
 # Redirect http -> https
 RewriteCond %{HTTP:X-HTTPS-SESSION} !^yes$
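Review bot: The three added `Header set` lines (X-Content-Type-Options, X-XSS-Protection, Referrer-Policy) omit the `always` condition that the HSTS line above them uses, so mod_headers attaches them only to successful responses and not to locally generated error pages or redirects such as the http -> https rewrite that follows; write them as `Header always set X-Content-Type-Options nosniff` and likewise for the other two. On the X-Frame-Options line, `append` merges with any value the application already sends and produces a comma-separated list, whereas `Header always set X-Frame-Options DENY` yields one deterministic value. X-XSS-Protection is no longer honoured by current browsers, so a short comment marking it as legacy-client coverage, and a follow-up adding a Content-Security-Policy with `frame-ancestors 'none'`, would make the intent of this block clearer.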