diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 96dfc4d9a84..24d0c5d473f 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -110,6 +110,10 @@ Upgrade Notes
 * SOLR-13817: Deprecate legacy SolrCache implementations. Users are encouraged to transition their
   configurations to use org.apache.solr.search.CaffeineCache instead. (ab)
 
+* SOLR-13982: Some security-related http headers such as Content-Security-Policy are now set. If you have custom html served
+  up by Solr's http server that contains inline javascript, it will no longer execute in modern browsers. You can fix your JS
+  code to not run inline anymore, or edit etc/jetty.xml and weaken the CSP, or remove/alter the headers with a reverse proxy. (rmuir)
+
 New Features
 ---------------------
 * SOLR-13821: A Package store to store and load package artifacts (noble, Ishan Chattopadhyaya)
diff --git a/solr/server/etc/jetty.xml b/solr/server/etc/jetty.xml
index 1f6de775a49..0a0172a9a06 100644
--- a/solr/server/etc/jetty.xml
+++ b/solr/server/etc/jetty.xml
@@ -82,13 +82,52 @@
   </New>
 
     <!-- =========================================================== -->
-    <!-- RewriteHandle to redirect root to Solr                      -->
+    <!-- RewriteHandle to set headers, redirect root to Solr         -->
     <!-- =========================================================== -->
      <New id="RewriteHandler" class="org.eclipse.jetty.rewrite.handler.RewriteHandler">
       <Set name="rewriteRequestURI">true</Set>
       <Set name="rewritePathInfo">false</Set>
       <Set name="originalPathAttribute">requestedPath</Set>
 
+      <!-- security-related headers -->
+      <Call name="addRule">
+        <Arg>
+          <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
+            <Set name="pattern">*</Set>
+            <Set name="name">Content-Security-Policy</Set>
+            <Set name="value">default-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; img-src 'self'; media-src 'self'; font-src 'self'; connect-src 'self';</Set>
+          </New>
+        </Arg>
+      </Call>
+      <Call name="addRule">
+        <Arg>
+          <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
+            <Set name="pattern">*</Set>
+            <Set name="name">X-Content-Type-Options</Set>
+            <Set name="value">nosniff</Set>
+          </New>
+        </Arg>
+      </Call>
+      <Call name="addRule">
+        <Arg>
+          <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
+            <Set name="pattern">*</Set>
+            <Set name="name">X-Frame-Options</Set>
+            <Set name="value">SAMEORIGIN</Set>
+          </New>
+        </Arg>
+      </Call>
+      <Call name="addRule">
+        <Arg>
+          <New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
+            <Set name="pattern">*</Set>
+            <Set name="name">X-XSS-Protection</Set>
+            <Set name="value">1; mode=block</Set>
+          </New>
+        </Arg>
+      </Call>
+
+      <!-- redirect root to solr -->
       <Call name="addRule">
         <Arg>
           <New class="org.eclipse.jetty.rewrite.handler.RedirectRegexRule">