diff --git a/config/express.js b/config/express.js
index d83ee8fb92..a7c5877371 100755
--- a/config/express.js
+++ b/config/express.js
@@ -10,6 +10,7 @@ var express = require('express'),
 	config = require('./config'),
 	consolidate = require('consolidate'),
 	path = require('path'),
+	helmet = require('helmet'),
 	utilities = require('./utilities');
 
 module.exports = function(db) {
@@ -98,6 +99,8 @@ module.exports = function(db) {
 	// connect flash for flash messages
 	app.use(flash());
 
+	app.use(helmet.defaults());
+
 	// routes should be at the last
 	app.use(app.router);
 
diff --git a/package.json b/package.json
index 1f18533428..7421ae3256 100755
--- a/package.json
+++ b/package.json
@@ -33,7 +33,8 @@
 		"lodash": "~2.4.1",
 		"forever": "~0.10.11",
 		"bower": "~1.3.1",
-		"grunt-cli": "~0.1.13"
+		"grunt-cli": "~0.1.13",
+		"helmet": "git://github.com/evilpacket/helmet.git"
 	},
 	"devDependencies": {
 		"supertest": "~0.9.0",