diff --git a/internal/middlewares/headers.go b/internal/middlewares/headers.go
new file mode 100644
index 0000000..7246059
--- /dev/null
+++ b/internal/middlewares/headers.go
@@ -0,0 +1,16 @@
+package middlewares
+
+import "github.com/gin-gonic/gin"
+
+func SecurityHeadersMiddleware() gin.HandlerFunc {
+ return func(c *gin.Context) {
+ c.Header("X-Frame-Options", "DENY")
+ c.Header("X-Content-Type-Options", "nosniff")
+ c.Header("Referrer-Policy", "strict-origin-when-cross-origin")
+ c.Header("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
+ c.Header("X-XSS-Protection", "1; mode=block")
+ c.Header("Feature-Policy", "geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'")
+ c.Header("Permissions-Policy", "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()")
+ c.Next()
+ }
+}
diff --git a/internal/server/server.go b/internal/server/server.go
index e565e09..e05bbf2 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -55,6 +55,7 @@ func Run() {
 router.Use(gin.Logger())
 router.Use(middlewares.CORSMiddleware())
 router.Use(middlewares.CSPMiddleware())
+ router.Use(middlewares.SecurityHeadersMiddleware())
 limiter := middlewares.NewIPRateLimiter(config.Security.Ratelimits.Limit, config.Security.Ratelimits.Burst)
 router.Use(middlewares.RateLimitMiddleware(limiter))
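Review bot: The `X-XSS-Protection: 1; mode=block` line in the new headers.go enables the legacy browser XSS auditor, which current guidance (OWASP Secure Headers, MDN) advises against because that auditor has been a source of cross-site information leaks in older browsers and most modern browsers ignore the header entirely; since server.go already installs `middlewares.CSPMiddleware()` just before this middleware, CSP is the control that matters, so drop the line or set `c.Header("X-XSS-Protection", "0")`. The `Feature-Policy` header is likewise superseded by the `Permissions-Policy` line right below it, and the two already disagree (`speaker 'none'` appears only in Feature-Policy), so keeping a single source of truth would avoid further drift. Setting the headers before `c.Next()` is correct, as they must be written before any handler flushes the body. `SecurityHeadersMiddleware` is exported and has no doc comment; `// SecurityHeadersMiddleware sets browser hardening headers (framing, MIME sniffing, referrer, HSTS, permissions) on every response before the handler chain runs.` would do.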