diff --git a/app/server.js b/app/server.js
index f801a3e..04f3e61 100644
--- a/app/server.js
+++ b/app/server.js
@@ -8,7 +8,7 @@
 * @license For open source under AGPL-3.0
 * @license For private project or commercial purposes contact us at: license.mirotalk@gmail.com
 * @author Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.1.21
+ * @version 1.1.22
 */
 require('dotenv').config();
@@ -17,6 +17,7 @@ const { auth, requiresAuth } = require('express-openid-connect');
 const compression = require('compression');
 const cors = require('cors');
 const express = require('express');
+const helmet = require('helmet');
 const app = express();
 const path = require('path');
 const fs = require('fs');
@@ -180,6 +181,8 @@ const html = {
 disconnect: path.join(__dirname, '../', 'public/views/disconnect.html'),
 };
+app.use(helmet.xssFilter()); // Enable XSS protection
+app.use(helmet.noSniff()); // Enable content type sniffing prevention
 app.use(cors(corsOptions));
 app.use(compression());
 app.use(express.json()); // Api parse body data as json
diff --git a/package.json b/package.json
index 3ff64f3..7e94f61 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "mirotalkbro",
- "version": "1.1.21",
+ "version": "1.1.22",
 "description": "P2P WebRTC audio, video and screen live broadcast",
 "main": "app/server.js",
 "scripts": {
@@ -29,6 +29,7 @@
 "dotenv": "^16.4.7",
 "express": "^4.21.2",
 "express-openid-connect": "^2.17.1",
+ "helmet": "^8.0.0",
 "js-yaml": "^4.1.0",
 "ngrok": "^5.0.0-beta.2",
 "socket.io": "^4.8.1",
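Review bot: The comment on the added `app.use(helmet.xssFilter());` line in app/server.js says it enables XSS protection, but with the `helmet` ^8.0.0 range added in package.json that middleware sends `X-XSS-Protection: 0`, which turns the legacy browser XSS auditor off rather than on. That value is the currently recommended one, so the call itself is fine, but the comment overstates what the commit delivers; `// Send X-XSS-Protection: 0 (turn off the legacy browser XSS auditor)` would be accurate. Only this header and `X-Content-Type-Options: nosniff` are set here, while helmet's other headers (Content-Security-Policy, Strict-Transport-Security, frame options) are left out. If the goal is XSS hardening, a tuned `helmet.contentSecurityPolicy(...)` is the control that would provide it, and its directives would need testing against the socket.io and WebRTC pages, which are not visible in this hunk.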