diff --git a/scripts/lua/header.lp b/scripts/lua/header.lp
index 46334395..7f53b19f 100644
--- a/scripts/lua/header.lp
+++ b/scripts/lua/header.lp
@@ -40,6 +40,20 @@ function in_array (val, tab)
 return false
 end
+-- Function to escape HTML characters
+function escape_html(str)
+ -- Replace special characters with HTML entities
+ str = str:gsub("&", "&")
+ str = str:gsub("<", "<")
+ str = str:gsub(">", ">")
+ str = str:gsub('"', """)
+ str = str:gsub("'", "'")
+ return str
+end
+
+-- Sanitize hostname
+hostname = escape_html(hostname)
+
 -- Variable to check if user is already authenticated
 is_authenticated = mg.request_info.is_authenticated
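Review bot: `hostname = escape_html(hostname)` overwrites the global with its entity-encoded form, so every later consumer receives HTML-escaped text whether or not it writes into an HTML context. Entity encoding is only sufficient for element text and quoted attribute values; if any template emits `hostname` inside a `<script>` block, a URL or an unquoted attribute (no output site is visible in this hunk), it is not neutralised there, and code that compares or re-escapes the value sees altered data. Prefer escaping at each output site, or at least record the contract next to the assignment, e.g. `-- hostname is HTML-escaped from here on: use only in HTML text or quoted attribute values`. Separately, `escape_html` calls `str:gsub` unconditionally, so a nil or non-string argument raises and aborts rendering; `str = tostring(str or "")` as the first line of the function avoids that. The replacement strings on this page look entity-decoded by the renderer (each `gsub` appears to replace a character with itself), so confirm the committed file carries the actual entity forms.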