diff --git a/handler/default.go b/handler/default.go
index 2c7ad6e..c643ac6 100644
--- a/handler/default.go
+++ b/handler/default.go
@@ -39,5 +39,7 @@ func GetHandler(d *sql.DB, serverSettings *types.ServerSettings) http.Handler {
 		router,
 		middleware.Log,
 		middleware.ContentSecurityPolicy,
-		middleware.Cors(serverSettings))
+		middleware.Cors(serverSettings),
+		middleware.Corp,
+	)
 }
diff --git a/middleware/corp.go b/middleware/corp.go
new file mode 100644
index 0000000..5f1223e
--- /dev/null
+++ b/middleware/corp.go
@@ -0,0 +1,13 @@
+package middleware
+
+import (
+	"net/http"
+)
+
+func Corp(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
+
+		next.ServeHTTP(w, r)
+	})
+}