diff --git a/src/main/resources/props/sample.props.template b/src/main/resources/props/sample.props.template
index 36387c7a..7d9b2ddf 100644
--- a/src/main/resources/props/sample.props.template
+++ b/src/main/resources/props/sample.props.template
@@ -185,4 +185,6 @@ session_inactivity_timeout_in_minutes = 30
 # Please note that depricated name ot this props is: language_tag
-default_locale = en_GB
\ No newline at end of file
+default_locale = en_GB
+
+set_response_header_Set-Cookie = "Path=/; HttpOnly; Secure"
\ No newline at end of file
diff --git a/src/main/scala/bootstrap/liftweb/Boot.scala b/src/main/scala/bootstrap/liftweb/Boot.scala
index 2033c34d..6eb439b8 100755
--- a/src/main/scala/bootstrap/liftweb/Boot.scala
+++ b/src/main/scala/bootstrap/liftweb/Boot.scala
@@ -247,5 +247,16 @@ class Boot extends MdcLoggable{
       // Do not change default value
     }
+    val setCookieHeader: (String, String) = Props.get("set_response_header_Set-Cookie") match {
+      case Full(value) => ("Set-Cookie", value)
+      case _ => ("Set-Cookie", "Path=/; HttpOnly; Secure")
+    }
+    //for XSS vulnerability, set X-Frame-Options header as DENY
+    LiftRules.supplementalHeaders.default.set(
+      ("X-Frame-Options", "DENY") ::
+      setCookieHeader ::
+      Nil
+    )
+
   }
 }
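Review bot: The new `set_response_header_Set-Cookie` line wraps its value in double quotes; if `Props` is backed by `java.util.Properties` (which does not strip quotes) the quote characters become part of the value and would be emitted literally in the response header, so the template should read `set_response_header_Set-Cookie = Path=/; HttpOnly; Secure` if the key is kept. Since a `Set-Cookie` value with no cookie name is not a well-formed cookie (see the Boot.scala hunk), dropping the key from the template altogether would be the cleaner option.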
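Review bot: The `setCookieHeader` entry emits `Set-Cookie: Path=/; HttpOnly; Secure` on every response, but that value has no `name=value` pair, so it is not a well-formed cookie under RFC 6265 and does not put `HttpOnly`/`Secure` on the session cookie the container actually issues; browsers will at best ignore it. The flags belong on the real session cookie, i.e. the servlet container's session cookie configuration (`<cookie-config>` in web.xml, for example) or wherever the application creates its cookies, so the `setCookieHeader` list entry and the `set_response_header_Set-Cookie` default should be dropped rather than shipped as a static header. The comment above the `LiftRules.supplementalHeaders` call is also inaccurate — `X-Frame-Options: DENY` mitigates clickjacking, not XSS — and should read `// Mitigate clickjacking: refuse to be rendered inside any frame (X-Frame-Options: DENY)`. `default.set(...)` appears to replace Lift's whole default supplemental-header list rather than append to it, which may be intended but deserves a one-line comment. The enclosing method and the `Boot` class begin outside the hunk.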