diff --git a/client/docker/appconf.conf b/client/docker/appconf.conf
index d0eb2139..7c5b2387 100644
--- a/client/docker/appconf.conf
+++ b/client/docker/appconf.conf
@@ -57,3 +57,7 @@ DocumentRoot /var/www/
 Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
 Header set Expires "Sun, 8 Jun 1986 08:06:00 GMT"
 </FilesMatch>
+
+Header always set X-Frame-Options "DENY"
+Header always set Referrer-Policy "origin-when-cross-origin"
+Header always set X-Content-Type-Options "nosniff"
diff --git a/welcome/docker/appconf.conf b/welcome/docker/appconf.conf
index 85b31181..f8738f45 100644
--- a/welcome/docker/appconf.conf
+++ b/welcome/docker/appconf.conf
@@ -52,3 +52,6 @@ Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
 Header set Expires "Sun, 8 Jun 1986 08:06:00 GMT"
 </FilesMatch>
 
+Header always set X-Frame-Options "DENY"
+Header always set Referrer-Policy "origin-when-cross-origin"
+Header always set X-Content-Type-Options "nosniff"