diff --git a/backend/src/main.rs b/backend/src/main.rs
index 54c439a..a2706a0 100644
--- a/backend/src/main.rs
+++ b/backend/src/main.rs
@@ -9,7 +9,9 @@ mod voting;
 use std::net::SocketAddr;
 use std::sync::Arc;
-use axum::Extension;
+use axum::{middleware, Extension};
+use axum::http::{HeaderName, HeaderValue};
+use axum::response::Response;
 use chrono::{Datelike, Timelike, Utc, Weekday};
 use serde_json::json;
 use thiserror::Error;
@@ -205,7 +207,8 @@ async fn run() -> Result<(), StartupError> {
 .layer(Extension(plugins))
 .layer(Extension(config.clone()))
 .layer(cors)
- .layer(TraceLayer::new_for_http());
+ .layer(TraceLayer::new_for_http())
+ .layer(middleware::map_response(add_security_headers));
 let host: std::net::IpAddr = config.server_host.parse()
 .unwrap_or_else(|_| std::net::IpAddr::V4(std::net::Ipv4Addr::new(127, 0, 0, 1)));
@@ -219,3 +222,30 @@ async fn run() -> Result<(), StartupError> {
 Ok(())
 }
+
+async fn add_security_headers(mut res: Response) -> Response {
+ let headers = res.headers_mut();
+
+ if !headers.contains_key("x-content-type-options") {
+ headers.insert(
+ HeaderName::from_static("x-content-type-options"),
+ HeaderValue::from_static("nosniff"),
+ );
+ }
+
+ if !headers.contains_key("x-frame-options") {
+ headers.insert(
+ HeaderName::from_static("x-frame-options"),
+ HeaderValue::from_static("DENY"),
+ );
+ }
+
+ if !headers.contains_key("referrer-policy") {
+ headers.insert(
+ HeaderName::from_static("referrer-policy"),
+ HeaderValue::from_static("no-referrer"),
+ );
+ }
+
+ res
+}
diff --git a/scripts/dev-start.ps1 b/scripts/dev-start.ps1
index d3b17e5..13767c6 100644
--- a/scripts/dev-start.ps1
+++ b/scripts/dev-start.ps1
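Review bot: In backend/src/main.rs, `add_security_headers` only fills in a header that is absent, so any handler or inner layer that already set `x-frame-options` or `referrer-policy` keeps its own, possibly weaker, value, and nothing in the function says that override is intended. A doc comment such as `/// Adds default hardening headers; a value already set by a handler or inner layer is kept.` would make that contract reviewable. The three `contains_key`/`insert` pairs can collapse into one loop over `headers.entry(name).or_insert(value)` using the `axum::http::header` constants, in which case the `use axum::http::{HeaderName, HeaderValue};` line from the first hunk becomes `use axum::http::{header, HeaderValue};`. The set also has no `Content-Security-Policy: frame-ancestors 'none'`, the standards-track counterpart of `X-Frame-Options: DENY`, and no `Strict-Transport-Security`; the latter may be added by a TLS-terminating proxy that this diff does not show.

```rust
/// Adds default hardening headers to every response.
///
/// A value already set by a handler or inner layer is kept, so a route can
/// override a default on purpose.
async fn add_security_headers(mut res: Response) -> Response {
    let defaults = [
        (header::X_CONTENT_TYPE_OPTIONS, HeaderValue::from_static("nosniff")),
        (header::X_FRAME_OPTIONS, HeaderValue::from_static("DENY")),
        (header::REFERRER_POLICY, HeaderValue::from_static("no-referrer")),
        (
            header::CONTENT_SECURITY_POLICY,
            HeaderValue::from_static("frame-ancestors 'none'"),
        ),
    ];

    let headers = res.headers_mut();
    for (name, value) in defaults {
        // entry().or_insert() leaves an existing value untouched.
        headers.entry(name).or_insert(value);
    }

    res
}
```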
@@ -53,11 +53,21 @@ try {
 Write-Host "Starting PostgreSQL..."
 $composeFile = Join-Path $root 'compose/dev.yml'
-podman-compose -f $composeFile up -d 2>$null
-$composeExitCode = $LASTEXITCODE
+$composeExitCode = 0
+try {
+ podman-compose -f $composeFile up -d 2>$null
+ $composeExitCode = $LASTEXITCODE
+} catch {
+ $composeExitCode = $LASTEXITCODE
+}
 if ($composeExitCode -ne 0) {
- podman container exists likwid-postgres 2>$null
- $containerExistsExitCode = $LASTEXITCODE
+ $containerExistsExitCode = 0
+ try {
+ podman container exists likwid-postgres 2>$null
+ $containerExistsExitCode = $LASTEXITCODE
+ } catch {
+ $containerExistsExitCode = $LASTEXITCODE
+ }
 if ($containerExistsExitCode -ne 0) {
 throw "Failed to start PostgreSQL via podman-compose (exit code: $composeExitCode)."
 }
@@ -75,7 +85,7 @@ for ($i = 0; $i -lt $maxWait; $i++) {
 Write-Host "Running database migrations..."
 Push-Location (Join-Path $root 'backend')
 try {
- sqlx migrate run
+ sqlx migrate run --ignore-missing
 if ($LASTEXITCODE -ne 0) {
 throw "Failed to run database migrations (sqlx migrate run)."
 }
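Review bot: Both new `catch` blocks copy `$LASTEXITCODE`, which PowerShell updates only after a native command has actually run, so if `podman-compose` or `podman` cannot be started (for example it is not on PATH) the variable still holds the previous command's value, possibly 0, and the failure is read as success. Assigning a fixed non-zero value in the handler avoids that: `} catch { $composeExitCode = 1 }` and `} catch { $containerExistsExitCode = 1 }`. The `2>$null` redirections also discard podman's error text, so the eventual `throw` can report only the exit code. The enclosing `try {` starts outside this hunk.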
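Review bot: `--ignore-missing` in the second dev-start.ps1 hunk makes `sqlx migrate run` accept a database whose applied-migration history contains versions that are no longer in the migrations directory, so schema drift between a developer's database and the checked-out branch no longer stops the script. A comment above the call, e.g. `# dev only: tolerate migrations applied from other branches`, would keep the flag from being copied into deployment scripts unnoticed; that reason is inferred, since the commit does not state one. The `throw` message two lines below still names the command as `sqlx migrate run` and could be updated to match. The surrounding `try {` continues past the end of the hunk.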