diff --git a/Gemfile b/Gemfile
index bab09cb1..30b97dd2 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,6 +4,7 @@ source :rubygems
 gem 'puma'
 gem 'rack-ssl', '~> 1.3'
+gem 'rack-protection', '~> 1.3'
 gem 'rack-cache'
 gem 'sinatra'
diff --git a/Gemfile.lock b/Gemfile.lock
index c96df17b..cb477da7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -71,7 +71,7 @@ GEM
 rack (1.4.1)
 rack-cache (1.2)
 rack (>= 0.4)
- rack-protection (1.2.0)
+ rack-protection (1.3.2)
 rack
 rack-ssl (1.3.2)
 rack
@@ -128,6 +128,7 @@ DEPENDENCIES
 localeapp-handlebars_i18n
 puma
 rack-cache
+ rack-protection (~> 1.3)
 rack-ssl (~> 1.3)
 rake (~> 0.9.2)
 rake-pipeline!
diff --git a/lib/travis/web/app.rb b/lib/travis/web/app.rb
index 2146d8b7..2b66842c 100644
--- a/lib/travis/web/app.rb
+++ b/lib/travis/web/app.rb
@@ -1,6 +1,7 @@
 require 'rack'
 require 'rack/ssl'
 require 'rack/cache'
+require 'rack/protection'
 require 'delegate'
 require 'time'
@@ -130,6 +131,9 @@ class Travis::Web::App
 end
 builder.use Rack::Deflater
 builder.use Rack::Head
+ builder.use Rack::Protection::XssHeader
+ builder.use Rack::Protection::FrameOptions
+ builder.use Rack::Protection::PathTraversal
 builder.use Rack::ConditionalGet
 builder.use MobileRedirect
 builder.run router
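Review bot: The header that `builder.use Rack::Protection::XssHeader` adds, X-XSS-Protection, is a legacy browser-auditor switch and not a substitute for a Content-Security-Policy, so the line deserves a comment stating what the app actually relies on; in the 1.3 series the same middleware also emits `X-Content-Type-Options: nosniff`, which is the part still worth keeping, but verify that against the 1.3.2 pinned in the lockfile. `Rack::Protection::FrameOptions` defaults to SAMEORIGIN; if nothing on this origin ever frames the app, `builder.use Rack::Protection::FrameOptions, frame_options: :deny` is the tighter setting, and either way the chosen policy should be named in a comment rather than left implicit. `Rack::Protection::PathTraversal` rewrites only PATH_INFO before the request reaches `router`, so it says nothing about filesystem paths built from query or form parameters, which is worth a one-line note next to it if the router serves files from disk. The method containing these `builder.use` calls begins before the hunk, so whether any earlier middleware in the chain inspects the un-normalized path cannot be judged from here.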