diff --git a/SECURITY.md b/SECURITY.md
index 236e5275..b06b9273 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -21,6 +21,20 @@ Upon receiving a security report, the process involves:
 
 ## Security Practices
 
+### Application Security
+
+privacy.sexy adopts a defense in depth strategy to protect users on multiple layers:
+
+- **Link Protection:**
+  privacy.sexy ensures each external link has special attributes for your privacy and security.
+  These attributes block the new site from accessing the privacy.sexy page, increasing your online safety and privacy.
+- **Content Security Policies (CSP):**
+  privacy.sexy actively follows security guidelines from the Open Web Application Security Project (OWASP) at strictest level.
+  This approach protects against attacks like Cross Site Scripting (XSS) and data injection.
+- **Context Isolation:**
+  The desktop application isolates different code sections based on their access level.
+  This separation prevents attackers from introducing harmful code into the app, known as injection attacks.
+
 ### Update Security and Integrity
 
 privacy.sexy benefits from automated update processes including security tests. Automated deployments from source code ensure immediate and secure updates, mirroring the latest source code. This aligns the deployed application with the expected source code, enhancing transparency and trust. For more details, see [CI/CD Documentation](./docs/ci-cd.md).
@@ -29,7 +43,7 @@ Every desktop update undergoes a thorough verification process. Updates are cryp
 
 ### Testing
 
-privacy.sexy employs a comprehensive testing strategy that integrates extensive automated testing with manual community-driven tests.
+privacy.sexy's testing approach includes a mix of automated and community-driven tests.
 Details on testing practices are available in the [Testing Documentation](./docs/tests.md).
 
 ## Support
diff --git a/docs/desktop-vs-web-features.md b/docs/desktop-vs-web-features.md
index 035b216f..16529169 100644
--- a/docs/desktop-vs-web-features.md
+++ b/docs/desktop-vs-web-features.md
@@ -35,7 +35,7 @@ The desktop version ensures secure delivery through cryptographic signatures and
 
 > **Note for macOS users:** On macOS, the desktop version's auto-update process involves manual steps due to Apple's code signing costs.
 > Users get notified about updates but might need to complete the installation manually.
-> Your [support through donations](https://github.com/sponsors/undergroundwires) can help improve this process ❤️.
+> Consider [donating](https://github.com/sponsors/undergroundwires) to help improve this process ❤️.
 
 ### Logging
 
diff --git a/src/presentation/index.html b/src/presentation/index.html
index 2feef83f..4e4b7ebe 100644
--- a/src/presentation/index.html
+++ b/src/presentation/index.html
@@ -9,6 +9,21 @@
   <meta name="description"
     content="Web tool to generate scripts for enforcing privacy & security best-practices such as stopping data collection of Windows and different softwares on it." />
   <link rel="icon" href="/favicon.ico">
+
+  <!-- Security meta tags based on OWASP recommendations, see https://owasp.org/www-project-secure-headers/ci/headers_add.json -->
+  <meta
+    http-equiv="Content-Security-Policy"
+    content="
+      default-src 'self';
+      style-src 'self' 'unsafe-inline';
+      img-src 'self' data:;
+      form-action 'self';
+      object-src 'none';
+      upgrade-insecure-requests;
+      block-all-mixed-content;
+    "
+  >
+  <meta name="referrer" content="no-referrer">
 </head>
 
 <body>