diff --git a/website/config.ru b/website/config.ru
index fd8f01d6c5..b1a3c74b25 100644
--- a/website/config.ru
+++ b/website/config.ru
@@ -3,6 +3,17 @@ require "rack/contrib/not_found"
 require "rack/contrib/response_headers"
 require "rack/contrib/static_cache"
 require "rack/contrib/try_static"
+require "rack/protection"
+
+# Protect against various bad things
+use Rack::Protection::JsonCsrf
+use Rack::Protection::RemoteReferrer
+use Rack::Protection::HttpOrigin
+use Rack::Protection::EscapedParams
+use Rack::Protection::XSSHeader
+use Rack::Protection::FrameOptions
+use Rack::Protection::PathTraversal
+use Rack::Protection::IPSpoofing
 
 # Properly compress the output if the client can handle it.
 use Rack::Deflater
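Review bot: The comment `# Protect against various bad things` above the eight `use Rack::Protection::*` lines does not record why these particular middlewares were hand-picked rather than the `Rack::Protection` aggregate, nor which of them can affect legitimate traffic; this matters because `IPSpoofing` rejects requests whose forwarding headers disagree with each other (a 403 for real users if a CDN and an upstream proxy both set IP headers) and `EscapedParams` rewrites incoming parameters, so both depend on the deployment in front of this Rack app. I would replace the comment with something like `# Individually selected rack-protection middlewares (no session, so no session-based ones); IPSpoofing and EscapedParams are deployment-sensitive — see deploy notes before changing the proxy layer` and, if a session is ever added, revisit the list. The `X-XSS-Protection` header set by `XSSHeader` is ignored by current browsers, so its value here is presumably the accompanying `nosniff` header rather than the XSS filter — worth a word in the comment so nobody removes it for the wrong reason. The rest of config.ru continues outside the hunk.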