diff --git a/docker/ploughshares/app.py b/docker/ploughshares/app.py
index a2ab421..dbc55e2 100644
--- a/docker/ploughshares/app.py
+++ b/docker/ploughshares/app.py
@@ -72,6 +72,7 @@ if APP_DOMAIN:
     else:
         csp['form-action'] = [csp['form-action'], APP_DOMAIN]
 
+# Configure Permissions-Policy (formerly Feature-Policy)
 permissions_policy = {
     'accelerometer': '()',
     'camera': '()',
@@ -87,6 +88,13 @@ permissions_policy = {
 force_https = APP_ENV != 'development'
 logger.info(f"Environment: {APP_ENV}, Force HTTPS: {force_https}")
 
+# Additional security headers
+additional_headers = {
+    'Cross-Origin-Embedder-Policy': 'require-corp',
+    'Cross-Origin-Resource-Policy': 'same-origin',
+    'Cross-Origin-Opener-Policy': 'same-origin'
+}
+
 # Initialize Talisman
 talisman = Talisman(
     app,
@@ -105,6 +113,13 @@ talisman = Talisman(
     session_cookie_http_only=True
 )
 
+# Add additional security headers that Talisman doesn't support natively
+@app.after_request
+def add_security_headers(response):
+    for header, value in additional_headers.items():
+        response.headers[header] = value
+    return response
+
 # Set locale for currency formatting
 try:
     locale.setlocale(locale.LC_ALL, 'en_US.UTF-8')
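Review bot: `'Cross-Origin-Embedder-Policy': 'require-corp'` in the `additional_headers` dict is the strictest COEP mode: once it is sent, the browser refuses to load any cross-origin subresource (script, stylesheet, font, image, iframe) that does not itself carry a CORP header or is not fetched with CORS, so every third-party origin the CSP permits needs to be checked for that before this ships. If the app only needs the isolation guarantee for its own origin, `'credentialless'` is the less breaking choice, and if it does not need `SharedArrayBuffer`/high-resolution timers at all, COOP plus CORP alone already cover the Spectre-style cross-origin read risk without COEP. The comment above the dict could record that decision, e.g. `# COEP require-corp blocks cross-origin subresources without CORP/CORS headers; all allowed CSP sources have been verified`.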
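Review bot: `response.headers[header] = value` in `add_security_headers` unconditionally overwrites any header a view has already set, so a route that deliberately relaxes `Cross-Origin-Resource-Policy` (for example to serve a public static asset or an endpoint consumed by an embedding page) is silently reverted to `same-origin` with no error. Using `response.headers.setdefault(header, value)` keeps the defaults for every response while letting an individual view override a single header on purpose; if overriding should never be possible, the current form is correct but the comment above the function should say so, e.g. `# Overrides any per-view value; these headers are not meant to be relaxed per route`. A short docstring on the function would also help, since it is a process-wide hook: `"""Append the COOP/COEP/CORP headers from additional_headers to every response."""`.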