diff --git a/app.js b/app.js
index 9087b75494..dc54e80d1a 100755
--- a/app.js
+++ b/app.js
@@ -12,6 +12,7 @@ process.on('uncaughtException', function (err) {
 });
 
 var express = require('express'),
+  hpp = require('hpp'),
   accepts = require('accepts'),
   cookieParser = require('cookie-parser'),
   compress = require('compression'),
@@ -85,7 +86,7 @@ if (process.env.NODE_ENV === 'production') {
     hostname: 'www.freecodecamp.com'
   }));
 }
-
+app.use(hpp());
 app.use(compress());
 app.use(lessMiddleware(__dirname + '/public'));
 app.use(logger('dev'));
diff --git a/package.json b/package.json
index 1b5f3b319c..fa28b00da7 100644
--- a/package.json
+++ b/package.json
@@ -53,6 +53,7 @@
     "gulp-minify-css": "~0.5.1",
     "helmet": "~0.9.0",
     "helmet-csp": "^0.2.3",
+    "hpp": "^0.2.0",
     "jade": "~1.8.0",
     "less": "~1.7.5",
     "less-middleware": "~2.0.1",