diff --git a/config/version.go b/config/version.go
index 46ff2ca..4cbf786 100644
--- a/config/version.go
+++ b/config/version.go
@@ -1,3 +1,3 @@
 package config
 
-var Version = "1.3"
+var Version = "1.3.1"
diff --git a/main.go b/main.go
index 28cda66..bb155a0 100644
--- a/main.go
+++ b/main.go
@@ -35,6 +35,7 @@ func main() {
 	r.Static("/static", "./public")
 	r.Use(gin.Recovery())
+	r.Use(middleware.XssPreventionHeaders())
 	r.Use(middleware.NoCacheMiddleware())
 	r.Use(middleware.OptionsMiddleware())
 	r.Use(middleware.Ratelimit())
diff --git a/src/middleware/xssHeaders.go b/src/middleware/xssHeaders.go
new file mode 100644
index 0000000..1213e1c
--- /dev/null
+++ b/src/middleware/xssHeaders.go
@@ -0,0 +1,12 @@
+package middleware
+
+import "github.com/gin-gonic/gin"
+
+func XssPreventionHeaders() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Header("X-Content-Type-Options", "nosniff")
+		c.Header("X-Frame-Options", "DENY")
+		c.Header("X-XSS-Protection", "1; mode=block")
+		c.Next()
+	}
+}
diff --git a/src/routes/question.go b/src/routes/question.go
index 22e5eab..1104c7a 100644
--- a/src/routes/question.go
+++ b/src/routes/question.go
@@ -3,6 +3,7 @@ package routes
 import (
 	"anonymousoverflow/src/utils"
 	"fmt"
+	"html"
 	"html/template"
 	"os"
 	"regexp"
@@ -119,7 +120,7 @@ func ViewQuestion(c *gin.Context) {
 		answerBody := answerCell.Find("div.s-prose")
 		answerBodyHTML, _ := answerBody.Html()
 
-		voteCount := voteCell.Find("div.js-vote-count").Text()
+		voteCount := html.EscapeString(voteCell.Find("div.js-vote-count").Text())
 
 		if s.HasClass("accepted-answer") {
 			// add
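Review bot: The new `r.Use(middleware.XssPreventionHeaders())` is registered after `r.Static("/static", "./public")`, and as far as I recall gin attaches `Use` middleware only to routes registered afterwards, so responses served from `/static` would presumably not carry `X-Content-Type-Options` or `X-Frame-Options` (the same ordering concern already applies to `gin.Recovery()` on the line above). Static assets are exactly where `nosniff` matters most, since MIME-type confusion on a served file is the classic case. Moving the `r.Use(...)` calls above `r.Static(...)`, so that every handler is registered after the middleware chain is complete, would close that gap; worth confirming against gin's `Static` implementation before merging. The body of `main` continues outside the hunk.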
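Review bot: `X-XSS-Protection: 1; mode=block` on the third `c.Header` line is a legacy header: current Chromium, Edge and Firefox ignore it, and the filter it enabled in older browsers was itself abused for cross-site leaks, which is why current OWASP guidance is to send `X-XSS-Protection: 0` or omit it and rely on a Content-Security-Policy. The middleware sets no CSP, so the name promises more than the headers deliver; something like `c.Header("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")` would be the real XSS mitigation (and `frame-ancestors 'none'` supersedes `X-Frame-Options: DENY` in modern browsers), though whether the site's pages use inline scripts or styles that such a policy would break is not visible here and needs checking first. The exported function also lacks a doc comment; `// XssPreventionHeaders returns a middleware that sets browser hardening headers on every response.` would do, and Go convention would spell the initialism `XSSPreventionHeaders`.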
Accepted Answer
to the top of the answer
@@ -150,9 +151,9 @@ func ViewQuestion(c *gin.Context) {
 			answerAuthor := answerAuthorDetails.Find("a").First()
 
-			answerAuthorURL = answerAuthor.AttrOr("href", "")
-			answerAuthorName = answerAuthor.Text()
-			answerTimestamp = s.Find("span.relativetime").Text()
+			answerAuthorURL = html.EscapeString(answerAuthor.AttrOr("href", ""))
+			answerAuthorName = html.EscapeString(answerAuthor.Text())
+			answerTimestamp = html.EscapeString(s.Find("span.relativetime").Text())
 		})
 
 		// append
Answered %s by %s
to the bottom of the answer
diff --git a/src/utils/comments.go b/src/utils/comments.go
index ede9c16..4317834 100644
--- a/src/utils/comments.go
+++ b/src/utils/comments.go
@@ -2,6 +2,7 @@ package utils
 
 import (
 	"fmt"
+	"html"
 	"strings"
 
 	"github.com/PuerkitoBio/goquery"
@@ -38,12 +39,12 @@ func FindAndReturnComments(inHtml string, postLayout *goquery.Selection) (outHtm
 				return
 			}
 
-			commentAuthorURL = commentAuthor.AttrOr("href", "")
+			commentAuthorURL = html.EscapeString(commentAuthor.AttrOr("href", ""))
 		}
 
-		commentTimestamp := commentBody.Find("span.relativetime-clean").Text()
+		commentTimestamp := html.EscapeString(commentBody.Find("span.relativetime-clean").Text())
 
-		comment := fmt.Sprintf(`
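Review bot: `html.EscapeString` on the new `answerAuthorURL` line only prevents the value from breaking out of a quoted attribute; it does not reject a `javascript:` or `data:` scheme, so if this value ends up in an `href` (the `Answered %s by %s` fragment below suggests it does) a hostile upstream link would still run on click. The two text escapes (`answerAuthorName`, `answerTimestamp`) are the right tool for text content. Validating the scheme on the raw value before escaping — e.g. `if u, err := url.Parse(raw); err != nil || (u.Scheme != "" && u.Scheme != "http" && u.Scheme != "https") { raw = "" }` — closes this, on the assumption that author links from upstream are relative or http(s); `net/url` would need adding to the import block, which is outside this hunk. `ViewQuestion` and the callback this code sits in both start and end outside the hunk.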
%s
Commented %s by %s.
`, commentCopy, commentTimestamp, commentAuthorURL, commentAuthor.Text())
+		comment := fmt.Sprintf(`
%s
Commented %s by %s.
`, commentCopy, commentTimestamp, commentAuthorURL, html.EscapeString(commentAuthor.Text()))
 		comments = append(comments, comment)
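Review bot: `commentCopy` is still passed unescaped to the `fmt.Sprintf` on the new `+ comment := ...` line while every sibling argument now goes through `html.EscapeString`; if it is the comment's rendered HTML that is presumably intentional, but it is the largest upstream-controlled value in this fragment and nothing in the hunk shows it being sanitized, so that deserves a comment stating where it is cleaned, e.g. `// commentCopy is upstream HTML; it is sanitized before this point (see caller)`. The deeper issue is building markup with `fmt.Sprintf`: `html/template`, which `src/routes/question.go` already imports, escapes each value for its context, including an `href` attribute where `html.EscapeString` cannot stop a `javascript:` scheme, so a small package-level template executed into a `strings.Builder` would replace the per-argument escaping here and in the answer path alike. The `commentAuthorURL` escape suffers the same scheme gap noted on the question.go hunk. `FindAndReturnComments` starts and ends outside the hunk.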