diff --git a/src/app/services/security.service.spec.ts b/src/app/services/security.service.spec.ts
new file mode 100644
index 00000000..949b6f8d
--- /dev/null
+++ b/src/app/services/security.service.spec.ts
@@ -0,0 +1,16 @@
+import { TestBed } from '@angular/core/testing';
+
+import { SecurityService } from './security.service';
+
+describe('SecurityService', () => {
+ let service: SecurityService;
+
+ beforeEach(() => {
+ TestBed.configureTestingModule({});
+ service = TestBed.inject(SecurityService);
+ });
+
+ it('should be created', () => {
+ expect(service).toBeTruthy();
+ });
+});
diff --git a/src/app/services/security.service.ts b/src/app/services/security.service.ts
new file mode 100644
index 00000000..3ad91433
--- /dev/null
+++ b/src/app/services/security.service.ts
@@ -0,0 +1,25 @@
+import { Injectable } from '@angular/core';
+import { DomSanitizer, SafeHtml } from '@angular/platform-browser';
+import { HttpHeaders } from '@angular/common/http';
+
+@Injectable({
+ providedIn: 'root'
+})
+export class SecurityService {
+ constructor(private sanitizer: DomSanitizer) {}
+
+ // Sanitiza HTML para evitar XSS
+ sanitizeHtml(content: string): SafeHtml {
+ return this.sanitizer.bypassSecurityTrustHtml(content);
+ }
+
+ // Retorna headers seguros para requisições HTTP
+ getSecureHeaders(): HttpHeaders {
+ return new HttpHeaders({
+ 'Content-Security-Policy': "default-src 'self'",
+ 'X-Content-Type-Options': 'nosniff',
+ 'X-Frame-Options': 'DENY',
+ 'X-XSS-Protection': '1; mode=block'
+ });
+ }
+}
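Review bot: The spec only asserts that the service is injectable and never calls `sanitizeHtml` or `getSecureHeaders`, so a regression in either (for example `sanitizeHtml` returning its input untouched) would not be caught. The generated `it('should be created', …)` is fine to keep, but add one case per method: assert that `service.getSecureHeaders().has('X-Content-Type-Options')` is true, and that `sanitizeHtml('<b>ok</b><script></script>')` yields output without a `<script>` element once that method performs real sanitization. Because the service is `providedIn: 'root'`, `TestBed.configureTestingModule({})` with no providers is sufficient for these tests.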
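Review bot: `sanitizeHtml` does the opposite of its comment: `bypassSecurityTrustHtml` does not clean `content`, it marks the string as trusted so Angular skips its own HTML sanitizer when the result is bound to `[innerHTML]`, which turns this method into an XSS sink for any caller passing user- or server-supplied markup. To actually sanitize, import `SecurityContext` from `@angular/core` and use the sanitizer's `sanitize` method, e.g. `import { Injectable, SecurityContext } from '@angular/core';` and `sanitizeHtml(content: string): string | null { return this.sanitizer.sanitize(SecurityContext.HTML, content); }` (the returned string can be bound directly; if a `SafeHtml` return type must be kept, wrap only the already-sanitized result). Separately, `getSecureHeaders` attaches `Content-Security-Policy`, `X-Frame-Options` and `X-XSS-Protection` to outgoing requests, but these are response headers that a browser acts on when received from the server; sending them from the client provides no protection, and `X-XSS-Protection` is deprecated, so the method's comment "headers seguros" overstates what it does and the policy belongs in the server or CDN configuration instead.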