diff --git a/src/main/java/org/owasp/wrongsecrets/SecurityHeaderAddingFilter.java b/src/main/java/org/owasp/wrongsecrets/SecurityHeaderAddingFilter.java
index 8e2e19b83..52cde0941 100644
--- a/src/main/java/org/owasp/wrongsecrets/SecurityHeaderAddingFilter.java
+++ b/src/main/java/org/owasp/wrongsecrets/SecurityHeaderAddingFilter.java
@@ -16,10 +16,11 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 res.addHeader("Server", "WrongSecrets - Star us!");
 res.addHeader("X-Frame-Options", "SAMEORIGIN");
 res.addHeader("X-Content-Type-Options", "nosniff");
+ res.addHeader("Cross-Origin-Resource-Policy", "same-site");
 res.addHeader(
 "Content-Security-Policy",
 "default-src * 'self'; script-src * 'self' 'unsafe-inline'; style-src * 'self'"
- + " 'unsafe-inline'; img-src data:");
+ + " 'unsafe-inline'; img-src data:; form-action 'self'; frame-ancestors 'self'");
 chain.doFilter(request, res);
 }
 }
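Review bot: The new `form-action 'self'; frame-ancestors 'self'` directives are the only restrictive parts of this policy, because the unchanged `default-src *`, `script-src * 'self' 'unsafe-inline'` and `style-src * 'self' 'unsafe-inline'` still allow scripts and styles from any origin and inline, so the CSP provides no XSS mitigation; if that permissiveness is deliberate for this training application, a comment above the `res.addHeader("Content-Security-Policy", ...)` call should say so, e.g. `// CSP is intentionally permissive for script/style (wildcard + 'unsafe-inline'); form-action and frame-ancestors are the effective restrictions.` Note that `frame-ancestors 'self'` overrides `X-Frame-Options: SAMEORIGIN` in browsers that support it, which is consistent here, so both can stay. A smaller point of style: `addHeader` appends rather than replaces, so if this filter is ever invoked twice for one response (e.g. on a forward dispatch — not visible from this hunk) the client would receive duplicate `Content-Security-Policy` and `Cross-Origin-Resource-Policy` headers; `setHeader` would make the filter idempotent. The enclosing class starts before this hunk.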