diff --git a/.htaccess b/.htaccess
index bef5869dd2fdf6a38d9769fee0c8e7ab8d683a2d..1e2eb4bc3d81caec11f10d4b10151ba9d903fa5d 100644
--- a/.htaccess
+++ b/.htaccess
@@ -182,3 +182,10 @@
 ## http://developer.yahoo.com/performance/rules.html#etags
 
     #FileETag none
+
+############################################
+## Add custom headers
+<IfModule mod_headers.c>
+    Header set X-Content-Type-Options: nosniff
+    Header set X-XSS-Protection: '1; mode=block'
+</IfModule>
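Review bot: The two added `Header set` lines write only to mod_headers' default onsuccess table, so error responses and internal redirects such as ErrorDocument handlers are sent without either header. Use `Header always set X-Content-Type-Options "nosniff"` and `Header always set X-XSS-Protection "1; mode=block"` instead. The nginx.conf.sample hunk has the same gap: `add_header` without the trailing `always` parameter is skipped on most 4xx/5xx responses, e.g. `add_header 'X-Content-Type-Options' 'nosniff' always;`. In nginx the server-level headers are also dropped in any location block that declares its own `add_header`, so it is worth checking the location blocks outside this hunk.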
diff --git a/nginx.conf.sample b/nginx.conf.sample
index cab0b839ffe10f8c87a46dc97baccafa50f93a64..596c08612b2c0e0543077ec84d5461c5d83d7ed3 100644
--- a/nginx.conf.sample
+++ b/nginx.conf.sample
@@ -24,6 +24,9 @@ index index.php;
 autoindex off;
 charset off;
 
+add_header 'X-Content-Type-Options' 'nosniff';
+add_header 'X-XSS-Protection' '1; mode=block';
+
 location /setup {
     root $MAGE_ROOT;