diff --git a/src/app.ts b/src/app.ts
index c16343d..eecabe9 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -2,6 +2,7 @@ import express, { type Express } from 'express';
 import cors from 'cors';
 import compression from 'compression';
 import {Logger} from "tslog";
+import helmet from "helmet";
 const logger = new Logger({ name: "App" });
@@ -12,6 +13,14 @@ const app: Express = express();
 app.use(cors());
 app.options('*', cors());
+// enable xss sanitizer
+app.use(
+ helmet({
+ xXssProtection: true,
+ }),
+);
+app.use(helmet.xXssProtection())
+
 // parse json request body
 app.use(express.json());
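Review bot: The comment `// enable xss sanitizer` in the second hunk overstates what the added middleware does. Helmet's `xXssProtection` only sets the `X-XSS-Protection` response header (to `0` in current helmet releases, which switches the legacy browser XSS filter off), and nothing in this hunk sanitizes request input or encodes output. The second registration, `app.use(helmet.xXssProtection())`, sets the same header again and can be dropped. Since `helmet()` already includes that header in its defaults, the `xXssProtection: true` option adds nothing either. I would reduce the block to `// set security response headers (helmet defaults)` followed by `app.use(helmet());`, and treat input validation and output encoding in the handlers as the actual XSS defence.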