diff --git a/src/instances.cr b/src/instances.cr
index 51ac8f7..9af20f5 100644
--- a/src/instances.cr
+++ b/src/instances.cr
@@ -81,6 +81,13 @@ spawn do
   end
 end
 
+before_all do |env|
+  env.response.headers["X-XSS-Protection"] = "1; mode=block"
+  env.response.headers["X-Content-Type-Options"] = "nosniff"
+  env.response.headers["Referrer-Policy"] = "same-origin"
+  env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
+end
+
 get "/" do |env|
   sort_by = env.params.query["sort_by"]?
   sort_by ||= "users-reverse"