diff --git a/app.js b/app.js
index 1fb0227703..caad35488a 100644
--- a/app.js
+++ b/app.js
@@ -9,9 +9,9 @@ var session = require('express-session');
 var bodyParser = require('body-parser');
 var logger = require('morgan');
 var errorHandler = require('errorhandler');
-var csrf = require('lusca').csrf();
 var methodOverride = require('method-override');
 var bodyParser = require('body-parser');
+var helmet = require('helmet');
 var _ = require('lodash');
 var MongoStore = require('connect-mongo')(session);
@@ -55,12 +55,6 @@ mongoose.connection.on('error', function() {
   console.error('MongoDB Connection Error. Please make sure that MongoDB is running.');
 });
-/**
- * CSRF whitelist.
- */
-
-var csrfExclude = ['/url1', '/url2'];
-
 /**
  * Express configuration.
  */
@@ -91,12 +85,23 @@ app.use(session({
 app.use(passport.initialize());
 app.use(passport.session());
 app.use(flash());
-
-app.use(function(req, res, next) {
-  // CSRF protection.
-  if (_.contains(csrfExclude, req.path)) { return next(); }
-  csrf(req, res, next);
-});
+app.disable('x-powered-by');
+app.use(helmet.xssFilter());
+app.use(helmet.xframe());
+app.use(helmet.contentSecurityPolicy({
+  defaultSrc: ["'self'", 'freecodecamp.com'],
+  scriptSrc: ['*.google-analytics.com', '*.optimizely.com', '*.googleapis.com', '*.twitter.com'],
+  styleSrc: ["'self'", '*.twitter.com'],
+  imgSrc: ["'self'", '*.amazonaws.com', '*.twitter.com', '*.twimg.com'],
+  fontSrc: ["'self", '*.googleapis.com', '*.twitter.com'],
+  mediaSrc: ['*.amazonaws.com', '*.twitter'],
+  frameSrc: ['*.gitter.im', '*.vimeo.com'],
+// sandbox: ['allow-forms', 'allow-scripts'],
+// reportUri: '/report-violation',
+  reportOnly: false, // set to true if you only want to report errors
+  setAllHeaders: false, // set to true if you want to set all headers
+  safari5: false // set to true if you want to force buggy CSP in Safari 5
+}));
 app.use(function(req, res, next) {
   // Make user object available in templates.
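Review bot: The removed lusca `csrf(req, res, next)` middleware has no replacement in the new block — `helmet.xssFilter()`, `helmet.xframe()` and the CSP only set response headers and do not authenticate state-changing requests, so every POST/PUT/DELETE route mounted after `app.use(session(...))` now accepts cross-site requests, and the `meta(name='csrf-token', content=_csrf)` line in views/partials/meta.jade still expects the `_csrf` local that lusca no longer populates. Either keep the CSRF middleware together with its whitelist (hunks 1 and 2 of this file delete the require and `csrfExclude`) or wire an equivalent token check in next to helmet. Separately, `fontSrc: ["'self", ...]` is missing the closing quote, and a browser drops the malformed source expression, so fonts served from the app's own origin would be blocked; it should read `fontSrc: ["'self'", '*.googleapis.com', '*.twitter.com'],`. `mediaSrc` lists `'*.twitter'`, which looks like a truncated `'*.twitter.com'`, and `scriptSrc` contains no `'self'`, so this policy would also block scripts served from the app's own origin — presumably unintended, and worth confirming with `reportOnly: true` before shipping.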
diff --git a/controllers/resources.js b/controllers/resources.js
index a1c435a8e9..0f49ab47db 100644
--- a/controllers/resources.js
+++ b/controllers/resources.js
@@ -1,3 +1,12 @@
+
+var User = require('../models/User');
+
+var totalUsers = User.count({}, function( err, count){
+  count;
+});
+
+//var usersOverTenChallenges = User.where: "this.challengesCompleted && this.challengesCompleted.length >= 10"
+
 /**
  * GET /
  * Resources.
@@ -15,6 +24,14 @@ exports.privacy = function(req, res) {
   });
 }
+exports.statistics = function(req, res) {
+  res.render('statistics', {
+    title: 'Code Camper Statistics',
+    totalUsers: totalUsers,
+    //usersOverTenChallenges: usersOverTenChallenges
+  });
+}
+
 exports.jqueryExercises = function(req, res) {
   res.render('jquery-exercises', {
     title: 'jQuery Exercises'
diff --git a/package.json b/package.json
index c5375c698a..a01acd0109 100644
--- a/package.json
+++ b/package.json
@@ -28,17 +28,17 @@
   "express-validator": "^2.7.0",
   "fbgraph": "^0.3.0",
   "github-api": "^0.7.0",
-  "helmet": "^0.5.2",
+  "helmet": "^0.5.3",
   "instagram-node": "^0.5.1",
   "jade": "^1.8.0",
   "lastfm": "^0.9.2",
   "less": "^1.7.5",
   "lodash": "^2.4.1",
-  "newrelic": "^1.13.3",
   "lusca": "^1.0.2",
   "method-override": "^2.3.0",
   "mongoose": "^3.8.19",
   "morgan": "^1.5.0",
+  "newrelic": "^1.13.3",
   "node-foursquare": "^0.2.1",
   "node-linkedin": "^0.3.4",
   "nodemailer": "^1.3.0",
@@ -51,8 +51,8 @@
   "passport-local": "^1.0.0",
   "passport-oauth": "^1.0.0",
   "passport-twitter": "^1.0.2",
-  "sitemap": "^0.7.4",
   "request": "^2.49.0",
+  "sitemap": "^0.7.4",
   "stripe": "^3.0.2",
   "tumblr.js": "^0.0.4",
   "twilio": "^1.9.0",
diff --git a/views/partials/meta.jade b/views/partials/meta.jade
index 0579774f8f..1d6ea3088f 100644
--- a/views/partials/meta.jade
+++ b/views/partials/meta.jade
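Review bot: `totalUsers` never holds a count: called with a callback, `User.count({}, cb)` returns the mongoose Query object, the callback body `count;` discards the result, and the value is computed once at module load rather than per request, so the `statistics` handler in the second hunk of this file passes a Query to `res.render('statistics', ...)` instead of a number. Run the count inside the handler, render in its callback, and pass `err` to `next` instead of ignoring it. The commented-out `User.where: "..."` line is not valid JavaScript even if uncommented, and a `$where` string evaluates JavaScript on the database server for every document; if that statistic is still wanted, a plain query such as `{ 'challengesCompleted.9': { $exists: true } }` would express "ten or more" without server-side JS — worth confirming against the schema, which is not visible here.
```javascript
var User = require('../models/User');

// … unchanged: GET / and privacy handlers …

exports.statistics = function(req, res, next) {
  User.count({}, function(err, totalUsers) {
    if (err) { return next(err); }
    res.render('statistics', {
      title: 'Code Camper Statistics',
      totalUsers: totalUsers
    });
  });
};
```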
@@ -5,6 +5,7 @@ meta(name='csrf-token', content=_csrf)
 meta(name='keywords', content='learn to code, learn how to code, code, coding, software engineer, software developer, mean stack, pair programming, node.js, angular.js, express.js, mongoDB, coding bootcamp')
 meta(content="Learn to code at freecodecamp.com. Free Code Camp is a free coding bootcamp for busy people. Learn JavaScript, build a portfolio, and get great references - all by helping nonprofits!", property="og:title")
 meta(content="FreeCodeCamp", property="og:site_name")
+meta(name='twitter:widgets:csp', content='on')
 meta(content="http://www.freecodecamp.com", property="og:url")
 meta(content="Learn to code at freecodecamp.com. Free Code Camp is a free coding bootcamp for busy people. Learn JavaScript, build a portfolio, and get great references - all by helping nonprofits!", property="og:description")
 meta(content="https://pbs.twimg.com/profile_images/522961310212833280/XE6vGAaO.jpeg", property="og:image")