diff --git a/functions/index.js b/functions/index.js
index e70263f..c5fe887 100644
--- a/functions/index.js
+++ b/functions/index.js
@@ -5,6 +5,7 @@ const axios = require("axios");
 const path = require("path");
 const functions = require("firebase-functions");
 const cors = require("cors");
+const helmet = require('helmet');
 const app = express();
 const { sendEmail } = require("./sendEmail.js");
 
@@ -27,6 +28,7 @@ app.use(
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
 app.use(express.static(path.join(__dirname, "")));
+app.use(helmet());
 
 app.use((req, res, next) => {
   const userAgent = req.headers["user-agent"];
diff --git a/functions/package-lock.json b/functions/package-lock.json
index 13a919b..31d3285 100644
--- a/functions/package-lock.json
+++ b/functions/package-lock.json
@@ -12,6 +12,7 @@
         "express": "^4.18.2",
         "firebase-admin": "^12.1.0",
         "firebase-functions": "^5.0.1",
+        "helmet": "^7.1.0",
         "nodemailer": "^6.9.7"
       },
       "devDependencies": {
@@ -3724,6 +3725,14 @@
         "node": ">= 0.4"
       }
     },
+    "node_modules/helmet": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/helmet/-/helmet-7.1.0.tgz",
+      "integrity": "sha512-g+HZqgfbpXdCkme/Cd/mZkV0aV3BZZZSugecH03kl38m/Kmdx8jKjBikpDj2cr+Iynv4KpYEviojNdTJActJAg==",
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
     "node_modules/html-entities": {
       "version": "2.5.2",
       "resolved": "https://registry.npmjs.org/html-entities/-/html-entities-2.5.2.tgz",
diff --git a/functions/package.json b/functions/package.json
index e7ed7b5..443dd32 100644
--- a/functions/package.json
+++ b/functions/package.json
@@ -20,6 +20,7 @@
     "express": "^4.18.2",
     "firebase-admin": "^12.1.0",
     "firebase-functions": "^5.0.1",
+    "helmet": "^7.1.0",
     "nodemailer": "^6.9.7"
   },
   "devDependencies": {