diff --git a/bin/lamassu-admin-server b/bin/lamassu-admin-server
index 41ec7f68..4ddd755a 100755
--- a/bin/lamassu-admin-server
+++ b/bin/lamassu-admin-server
@@ -12,6 +12,7 @@ const cookieParser = require('cookie-parser')
 const argv = require('minimist')(process.argv.slice(2))
 const got = require('got')
 const morgan = require('morgan')
+const helmet = require('helmet')
 
 const accounts = require('../lib/admin/accounts')
 const machines = require('../lib/admin/machines')
@@ -55,6 +56,9 @@ function dbNotify () {
 const skip = (req, res) => req.path === '/api/status/' && res.statusCode === 200
 
 app.use(morgan('dev', {skip}))
+app.use(helmet({
+  noCache: true
+}))
 app.use(cookieParser())
 app.use(register)
 // if (!devMode) app.use(authenticate)
diff --git a/public/index.html b/public/index.html
index 1a098d67..27e6afed 100644
--- a/public/index.html
+++ b/public/index.html
@@ -1,17 +1,12 @@
 <html>
   <head>
     <base href="/">
-  </head>
-  <body>
+    <link rel="stylesheet" href="bower_components/gridism/gridism.css">
+    <link rel="stylesheet" href="styles.css">
     <script src="bower_components/webcomponentsjs/webcomponents.min.js"></script>
     <script src="bower_components/qrjs/qr.js"></script>
     <script src="bower_components/qr-code/src/qr-code.js"></script>
     <script src="elm.js"></script>
-    <script>
-      Elm.Main.fullscreen()
-    </script>
-    <link rel="stylesheet" href="bower_components/gridism/gridism.css">
-    <link rel="stylesheet" href="styles.css">
     <style>
       @keyframes fadein {
           from { opacity: 0; }
@@ -28,5 +23,10 @@
       }
     </style>
     <meta name="viewport" content="width=device-width,initial-scale=1">
+  </head>
+  <body>
+    <script>
+      Elm.Main.fullscreen()
+    </script>
   </body>
 </html>