diff --git a/app.js b/app.js
index 699067b4fb..2e4aaeb981 100644
--- a/app.js
+++ b/app.js
@@ -102,6 +102,7 @@
 app.use(flash());
 app.disable('x-powered-by');
 app.use(helmet.xssFilter());
+app.use(helmet.noSniff());
 app.use(helmet.xframe());
 var trusted = [
diff --git a/config/passport.js b/config/passport.js
index 635362d1b0..197bbfb0f6 100644
--- a/config/passport.js
+++ b/config/passport.js
@@ -206,10 +206,11 @@ passport.use(new TwitterStrategy(secrets.twitter, function(req, accessToken, tok
 User.findById(req.user.id, function(err, user) {
 user.twitter = profile.id;
 user.tokens.push({ kind: 'twitter', accessToken: accessToken, tokenSecret: tokenSecret });
+ user.profile.username = user.profile.username || profile.username.toLowerCase();
 user.profile.name = user.profile.name || profile.displayName;
 user.profile.location = user.profile.location || profile._json.location;
 user.profile.picture = user.profile.picture || profile._json.profile_image_url_https.replace('_normal', '');
- user.profile.twitterHandle = user.profile.twitterHandle || profile.username;
+ user.profile.twitterHandle = user.profile.twitterHandle || profile.username.toLowerCase();
 user.save(function(err) {
 req.flash('info', { msg: 'Twitter account has been linked.' });
 done(err, user);
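Review bot: The new `app.use(helmet.noSniff())` only helps when responses carry an accurate Content-Type, so it is worth confirming that the static-file and API routes set one, because with nosniff a wrong or missing type makes the browser refuse the resource instead of sniffing it. A short why-comment ahead of the call would help future readers, e.g. `// X-Content-Type-Options: nosniff — browsers must honour the declared Content-Type`. The hunk's line counts suggest a blank line (probably before `var trusted = [`) was lost in rendering; nothing to change there.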
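Review bot: The added `user.profile.username = user.profile.username || profile.username.toLowerCase();` copies the Twitter screen name into `profile.username`, the field controllers/user.js uses as a public lookup key, without checking whether another account already holds that username. If the schema enforces a unique index, the resulting `save` error reaches `done(err, user)` only after `req.flash('info', { msg: 'Twitter account has been linked.' })` has already been queued, so the user sees a success message for a failed link; if it does not, two profiles share a username and `User.find(...)[0]` returns an arbitrary one. A `User.findOne({'profile.username': …})` check before assigning, with an error flash on collision, would close this; the same applies to the new-account branch in the `@@ -222` hunk below. The TwitterStrategy callback begins before this hunk, and the `findById` result is used without an `err`/null check, though that predates this change.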
@@ -222,13 +223,13 @@ passport.use(new TwitterStrategy(secrets.twitter, function(req, accessToken, tok
 User.findOne({ twitter: profile.id }, function(err, existingUser) {
 if (existingUser) return done(null, existingUser);
 var user = new User();
- user.profile.username = profile.username;
+ user.profile.username = profile.username.toLowerCase();
 user.twitter = profile.id;
 user.tokens.push({ kind: 'twitter', accessToken: accessToken, tokenSecret: tokenSecret });
 user.profile.name = profile.displayName;
 user.profile.location = profile._json.location;
 user.profile.picture = profile._json.profile_image_url_https.replace('_normal', '');
- user.profile.twitterHandle = user.profile.twitterHandle || profile.username;
+ user.profile.twitterHandle = user.profile.twitterHandle || profile.username.toLowerCase();
 user.save(function(err) {
 done(err, user);
 });
diff --git a/controllers/user.js b/controllers/user.js
index ba4468e55c..9d6a8ad6b4 100644
--- a/controllers/user.js
+++ b/controllers/user.js
@@ -173,7 +173,7 @@ exports.getAccount = function(req, res) {
 */
 exports.returnUser = function(req, res, next) {
- User.find({'profile.username': req.params.username}, function(err, user) {
+ User.find({'profile.username': req.params.username.toLowerCase()}, function(err, user) {
 if (err) { debug('Username err: ', err); next(err); }
 if (user[0]) {
 var user = user[0];
diff --git a/public/js/main.js b/public/js/main.js
index 95072493b9..56e9befd41 100644
--- a/public/js/main.js
+++ b/public/js/main.js
@@ -47,6 +47,9 @@ profileValidation.controller('profileValidationController', ['$scope', '$http',
 function($scope, $http) {
 $http.get('/account/api').success(function(data) {
 $scope.user = data.user;
+ $scope.user.profile.username = $scope.user.profile.username.toLowerCase();
+ $scope.user.email = $scope.user.email.toLowerCase();
+ $scope.user.profile.twitterHandle = $scope.user.profile.twitterHandle.toLowerCase();
 });
 }
 ]);
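Review bot: In the new-account branch the changed line `user.profile.twitterHandle = user.profile.twitterHandle || profile.username.toLowerCase();` keeps a `||` guard that cannot fire, because `user` was constructed a few lines earlier with `new User()` and nothing in between sets `twitterHandle` (unless the schema defaults it to a truthy value, which seems unlikely). Writing it as `user.profile.twitterHandle = profile.username.toLowerCase();` matches the unconditional `username` assignment in the same hunk and states the intent plainly. The strategy callback starts before this hunk.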
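Review bot: Lowercasing only the lookup side in `User.find({'profile.username': req.params.username.toLowerCase()}, …)` means any account whose stored `profile.username` still contains uppercase characters — accounts created before this commit, or through the local signup/account-update paths this diff does not touch — no longer resolves at its profile URL. Either run a one-off migration that lowercases existing `profile.username` values, or normalise on every write path as well, so stored values and the query agree; this commit normalises only the two Twitter branches in config/passport.js. `returnUser` continues past the end of this hunk, and `User.find` followed by `user[0]` (shadowing the array) predates the change.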
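Review bot: The three added `.toLowerCase()` calls throw a TypeError whenever `$scope.user.profile.username`, `$scope.user.email` or `$scope.user.profile.twitterHandle` is absent, which ends the `success` callback early for that user: `twitterHandle` is only ever assigned by the Twitter strategy, and the new-account Twitter branch in config/passport.js (same commit) sets no `email`, so non-Twitter and Twitter-only accounts respectively are likely to hit this unless the schema supplies defaults, which is not visible here. Routing the three fields through a small helper that leaves non-strings untouched avoids the crash without changing the displayed value for the normal case.
```javascript
$http.get('/account/api').success(function(data) {
  var lower = function(s) { return typeof s === 'string' ? s.toLowerCase() : s; };
  $scope.user = data.user;
  $scope.user.profile.username = lower($scope.user.profile.username);
  $scope.user.email = lower($scope.user.email);
  $scope.user.profile.twitterHandle = lower($scope.user.profile.twitterHandle);
```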
diff --git a/views/layout.jade b/views/layout.jade
index 3aaabbc3dd..8ff03c4c46 100644
--- a/views/layout.jade
+++ b/views/layout.jade
@@ -1,14 +1,14 @@
 doctype html
 html(ng-app='profileValidation')
 head
- script(src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js")
- script(src="https://ajax.googleapis.com/ajax/libs/angularjs/1.3.8/angular.min.js")
- script(src="https://cdnjs.cloudflare.com/ajax/libs/angular-ui-bootstrap/0.12.0/ui-bootstrap-tpls.min.js")
- script(src='https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/js/bootstrap.min.js')
- link(rel='shortcut icon', href='https://s3.amazonaws.com/freecodecamp/favicon.ico')
- link(rel='stylesheet', href='https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css')
- link(rel='stylesheet', href='https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css')
- link(rel='stylesheet', href='https://code.ionicframework.com/ionicons/2.0.0/css/ionicons.min.css')
+ script(src="//ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js")
+ script(src="//ajax.googleapis.com/ajax/libs/angularjs/1.3.8/angular.min.js")
+ script(src="//cdnjs.cloudflare.com/ajax/libs/angular-ui-bootstrap/0.12.0/ui-bootstrap-tpls.min.js")
+ script(src='//maxcdn.bootstrapcdn.com/bootstrap/3.3.1/js/bootstrap.min.js')
+ link(rel='shortcut icon', href='//s3.amazonaws.com/freecodecamp/favicon.ico')
+ link(rel='stylesheet', href='//maxcdn.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css')
+ link(rel='stylesheet', href='//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css')
+ link(rel='stylesheet', href='//code.ionicframework.com/ionicons/2.0.0/css/ionicons.min.css')
 include partials/meta
 title #{title} | Free Code Camp
 meta(charset='utf-8')
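Review bot: Switching every CDN `script`/`link` from `https://` to protocol-relative `//` means that whenever a page is served over plain HTTP — the only case in which the change has any effect — jQuery, Angular, ui-bootstrap and Bootstrap are fetched over HTTP and can be altered in transit, and any altered script runs with full page privileges, undoing the `xssFilter`/`noSniff`/`xframe` hardening this same commit extends in app.js. The removed lines show these hosts already serve the files over TLS, so keeping the absolute form costs nothing even on an HTTP page, e.g. `script(src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js")`. If pinning is wanted on top of that, `integrity='sha384-<hash from the CDN>'` with `crossorigin='anonymous'` on each script lets the browser reject a file that does not match the published digest.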