diff --git a/CHANGELOG.md b/CHANGELOG.md
index 00f5f21c..b3278931 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
   * **1.4 (not yet released)**
     * ADDED: Translation for Estonian
     * ADDED: new HTTP headers improving security (#765)
+    * ADDED: Opt-out of federated learning of cohorts (FLoC) (#776)
     * CHANGED: Language selection cookie only transmitted over HTTPS (#472)
   * **1.3.5 (2021-04-05)**
     * ADDED: Translation for Hebrew, Lithuanian, Indonesian and Catalan
diff --git a/lib/Controller.php b/lib/Controller.php
index 5b81cd89..2df522a2 100644
--- a/lib/Controller.php
+++ b/lib/Controller.php
@@ -349,6 +349,7 @@ class Controller
         header('Cross-Origin-Resource-Policy: same-origin');
         header('Cross-Origin-Embedder-Policy: require-corp');
         header('Cross-Origin-Opener-Policy: same-origin');
+        header('Permissions-Policy: interest-cohort=()');
         header('Referrer-Policy: no-referrer');
         header('X-Content-Type-Options: nosniff');
         header('X-Frame-Options: deny');