diff --git a/searx/settings.yml b/searx/settings.yml
index 54352bbf..5cab0a10 100644
--- a/searx/settings.yml
+++ b/searx/settings.yml
@@ -17,6 +17,12 @@ server:
 image_proxy : False # Proxying image results through searx
 http_protocol_version : "1.0" # 1.0 and 1.1 are supported
 method: "POST" # POST queries are more secure as they don't show up in history but may cause problems when using Firefox containers
+ default_http_headers:
+ X-Content-Type-Options : nosniff
+ X-XSS-Protection : 1; mode=block
+ X-Download-Options : noopen
+ X-Robots-Tag : noindex, nofollow
+ Referrer-Policy : no-referrer
 
 ui:
 static_path : "" # Custom static path - leave it blank if you didn't change
diff --git a/searx/webapp.py b/searx/webapp.py
index 46d547d5..d68ae349 100755
--- a/searx/webapp.py
+++ b/searx/webapp.py
@@ -487,6 +487,16 @@ def pre_request():
 request.user_plugins.append(plugin)
 
 
+@app.after_request
+def add_default_headers(response):
+ # set default http headers
+ for header, value in settings['server'].get('default_http_headers', {}).items():
+ if header in response.headers:
+ continue
+ response.headers[header] = value
+ return response
+
+
 @app.after_request
 def post_request(response):
 total_time = time() - request.start_time
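Review bot: `X-XSS-Protection : 1; mode=block` in the new `default_http_headers` block of searx/settings.yml enables the legacy browser XSS filter, which current browsers no longer implement and which has itself been a source of cross-site information leaks where it exists. Current OWASP guidance is to send `X-XSS-Protection : 0` or drop the header and rely on a Content-Security-Policy instead. The block sets neither a CSP nor a framing header (`X-Frame-Options`); if those are deliberately left to a reverse proxy, a comment should say so. Unlike the neighbouring keys the new key has no inline comment; something like `default_http_headers: # added to every response unless the response already sets the header` would match the file's style.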
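Review bot: In `add_default_headers` (searx/webapp.py), `settings['server'].get('default_http_headers', {})` falls back to `{}` only when the key is absent. An operator who empties the block in settings.yml to disable the headers leaves `default_http_headers:` with no children, which YAML loads as `None`, so `.items()` then raises on every response. Use `for header, value in (settings['server'].get('default_http_headers') or {}).items():` instead. Existing headers are skipped rather than overwritten, so the `# set default http headers` comment would be better as a docstring stating that contract: `"""Add the configured default headers to responses that do not already set them."""`.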