diff --git a/supabase/functions/fetch-curseforge/index.ts b/supabase/functions/fetch-curseforge/index.ts
index a1e65d1..bf220d8 100644
--- a/supabase/functions/fetch-curseforge/index.ts
+++ b/supabase/functions/fetch-curseforge/index.ts
@@ -3,6 +3,9 @@ import { serve } from "https://deno.land/std@0.168.0/http/server.ts";
 const corsHeaders = {
   "Access-Control-Allow-Origin": "*",
   "Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type, x-supabase-client-platform, x-supabase-client-platform-version, x-supabase-client-runtime, x-supabase-client-runtime-version",
+  "X-Content-Type-Options": "nosniff",
+  "X-Frame-Options": "DENY",
+  "Referrer-Policy": "strict-origin-when-cross-origin",
 };
 
 const CF_BASE = "https://api.curseforge.com/v1";
diff --git a/supabase/functions/fetch-mods/index.ts b/supabase/functions/fetch-mods/index.ts
index eade488..686d22d 100644
--- a/supabase/functions/fetch-mods/index.ts
+++ b/supabase/functions/fetch-mods/index.ts
@@ -3,6 +3,9 @@ import { serve } from "https://deno.land/std@0.168.0/http/server.ts";
 const corsHeaders = {
   "Access-Control-Allow-Origin": "*",
   "Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type, x-supabase-client-platform, x-supabase-client-platform-version, x-supabase-client-runtime, x-supabase-client-runtime-version",
+  "X-Content-Type-Options": "nosniff",
+  "X-Frame-Options": "DENY",
+  "Referrer-Policy": "strict-origin-when-cross-origin",
 };
 
 const MODRINTH_BASE = "https://api.modrinth.com/v2";