diff --git a/imageproxy.go b/imageproxy.go
index b6cb80d..7dc1098 100644
--- a/imageproxy.go
+++ b/imageproxy.go
@@ -252,6 +252,9 @@ func (p *Proxy) serveImage(w http.ResponseWriter, r *http.Request) {
 
 	// Enable CORS for 3rd party applications
 	w.Header().Set("Access-Control-Allow-Origin", "*")
+	// Add a Content-Security-Policy to prevent stored-XSS attacks via SVG files
+	w.Header().Set("Content-Security-Policy", "script-src 'none'")
+
 	w.WriteHeader(resp.StatusCode)
 	if _, err := io.Copy(w, resp.Body); err != nil {
 		p.logf("error copying response: %v", err)
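Review bot: The new Content-Security-Policy line is correctly placed before w.WriteHeader, but `script-src 'none'` is the narrowest useful policy for untrusted content served on the proxy's own origin; the conventional hardening is `w.Header().Set("Content-Security-Policy", "default-src 'none'")`, which implies script-src and also denies other fetches a proxied SVG could trigger. Pair it with `w.Header().Set("X-Content-Type-Options", "nosniff")` so an upstream body that is not actually an image is not sniffed into an HTML document, which a CSP alone does not prevent. Note that the policy only takes effect when the response is loaded as a top-level document (direct navigation); it is presumably a no-op for responses embedded via an img element, where scripts do not run anyway — worth stating in the comment. The comment could also say which threat the header addresses more precisely: "scripts inside proxied SVG responses executing in this origin when the URL is opened directly". serveImage starts before and continues past this hunk.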