diff --git a/CHANGES.md b/CHANGES.md
index 42e3293c5c..d19c8490b7 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -96,6 +96,7 @@ ## Changes
 - Released `appwrite/console` [2.0.2](https://github.com/appwrite/console/releases/tag/2.0.2)
 - Make `region` parameter optional with default for project create [#4763](https://github.com/appwrite/appwrite/pull/4763)
+- Add security headers to the console endpoint [#4758](https://github.com/appwrite/appwrite/pull/4758)
 ## Bugs
 - Fix default oauth paths [#4725](https://github.com/appwrite/appwrite/pull/4725)
diff --git a/app/controllers/web/console.php b/app/controllers/web/console.php
index 59aad607c1..9fbdfe9b00 100644
--- a/app/controllers/web/console.php
+++ b/app/controllers/web/console.php
@@ -1,8 +1,21 @@ groups(['web'])
+ ->inject('request')
+ ->inject('response')
+ ->action(function (Request $request, Response $response) {
+ $response
+ ->addHeader('X-Frame-Options', 'SAMEORIGIN') // Avoid console and homepage from showing in iframes
+ ->addHeader('X-XSS-Protection', '1; mode=block; report=/v1/xss?url=' . \urlencode($request->getURI()))
+ ->addHeader('X-UA-Compatible', 'IE=Edge') // Deny IE browsers from going into quirks mode
+ ;
+ });
+
 App::get('/console/*')
 ->alias('/')
 ->alias('auth/*')
diff --git a/app/controllers/web/home.php b/app/controllers/web/home.php
index da1307e5ea..e90f3ec25b 100644
--- a/app/controllers/web/home.php
+++ b/app/controllers/web/home.php
@@ -6,7 +6,7 @@ use Utopia\Config\Config;
 App::get('/versions')
 ->desc('Get Version')
- ->groups(['web', 'home'])
+ ->groups(['home'])
 ->label('scope', 'public')
 ->inject('response')
 ->action(function (Response $response) {
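Review bot: The `X-XSS-Protection` header added in the console.php init hook is a legacy filter that most current browsers no longer honour, and its `report=` directive was only ever acted on by Chromium's old auditor, so the `/v1/xss?url=` endpoint will receive little or nothing from modern clients; the headers a browser actually enforces today are `Content-Security-Policy` (at minimum `frame-ancestors 'self'`, which also supersedes `X-Frame-Options: SAMEORIGIN`) and `X-Content-Type-Options`, e.g. `->addHeader('X-Content-Type-Options', 'nosniff')` and `->addHeader('Content-Security-Policy', "frame-ancestors 'self'")`. Passing `$request->getURI()` through `\urlencode` before it is placed in a header value is correct, since it keeps CR/LF from a crafted path out of the response headers, so keep that if the header is retained. The hook fires for every route in the `web` group, which is exactly what the home.php hunk depends on when it drops `web` from the `/versions` groups; a comment above `->groups(['web'])` such as `// Membership in the 'web' group is what turns these browser-facing headers on; keep JSON API routes out of it` would make that coupling explicit instead of implicit. The opening of this hunk (the `App::init()` line and any added `use` for `Request`) is garbled in the diff as shown, so whether `Request` is imported cannot be confirmed from here.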