diff --git a/app/server.js b/app/server.js
index 0f186b8..2c7972f 100755
--- a/app/server.js
+++ b/app/server.js
@@ -8,6 +8,7 @@ const http = require('http');
 const https = require('https');
 const socketIO = require('socket.io');
 const axios = require('axios');
+const helmet = require('helmet');
 const path = require('path');
 const yaml = require('js-yaml');
 const swaggerUi = require('swagger-ui-express');
@@ -112,6 +113,8 @@ server.listen(port, () => {
 // Handle WebSocket connections
 io.on('connection', handleConnection);
+app.use(helmet.xssFilter()); // Enable XSS protection
+app.use(helmet.noSniff()); // Enable content type sniffing prevention
 app.use(express.static(PUBLIC_DIR)); // Serve static files from the 'public' directory
 app.use(express.json()); // Api parse body data as json
 app.use(config.apiBasePath + '/docs', swaggerUi.serve, swaggerUi.setup(config.swaggerDocument)); // api docs
diff --git a/package.json b/package.json
index 6e414bf..44f2eb2 100755
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "call-me",
- "version": "1.0.70",
+ "version": "1.0.71",
 "description": "Your Go-To for Instant Video Calls",
 "author": "Miroslav Pejic - miroslav.pejic.85@gmail.com",
 "license": "AGPLv3",
@@ -23,6 +23,7 @@
 "colors": "^1.4.0",
 "dotenv": "^16.4.7",
 "express": "^4.21.2",
+ "helmet": "^8.0.0",
 "js-yaml": "4.1.0",
 "socket.io": "^4.8.1",
 "swagger-ui-express": "5.0.1"
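Review bot: In the second hunk of app/server.js, the comment on `app.use(helmet.xssFilter());` says it enables XSS protection, but with the `helmet` `^8.0.0` range added in package.json this middleware sets `X-XSS-Protection: 0`, which switches the legacy browser XSS auditor off rather than on. The comment should say what the header does, e.g. `app.use(helmet.xssFilter()); // Sets X-XSS-Protection: 0 (disables the legacy browser XSS auditor)`. Apart from that header, only `X-Content-Type-Options: nosniff` is set by these two lines. If mitigating XSS on the pages served from `PUBLIC_DIR` and the Swagger docs route is the goal, a Content-Security-Policy via `helmet.contentSecurityPolicy()` tuned to those pages is the control that would provide it. The surrounding middleware setup continues outside the hunk.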