diff --git a/src/entrypoint.sh b/src/entrypoint.sh
index 14e6adb..33c032d 100755
--- a/src/entrypoint.sh
+++ b/src/entrypoint.sh
@@ -15,6 +15,8 @@ USE_LISTEN_PORT=${LISTEN_PORT:-8080}
 #else
 content_server='server {\n'
 content_server=$content_server"    listen ${USE_LISTEN_PORT};\n"
+content_server=$content_server'    add_header X-Frame-Options deny always;\n'
+content_server=$content_server'    add_header X-Content-Type-Options nosniff always;\n'
 content_server=$content_server'    location / {\n'
 content_server=$content_server'        include uwsgi_params;\n'
 content_server=$content_server'        uwsgi_pass unix:///tmp/uwsgi.sock;\n'
@@ -29,6 +31,8 @@ content_server=$content_server'}\n'
 # https://nginx.org/en/docs/http/configuring_https_servers.html
 content_server=$content_server'server {\n'
 content_server=$content_server"    listen 443 ssl http2;\n"
+content_server=$content_server'    add_header X-Frame-Options deny always;\n'
+content_server=$content_server'    add_header X-Content-Type-Options nosniff always;\n'
 content_server=$content_server'    ssl_certificate      /app/selfsigned.crt;\n'
 content_server=$content_server'    ssl_certificate_key  /app/selfsigned.key;\n'
 content_server=$content_server'    ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;\n'