diff --git a/README.md b/README.md
index 6ad24cf919..7c21f3985e 100644
--- a/README.md
+++ b/README.md
@@ -48,6 +48,16 @@ Eventually you'll probably diverge enough that you'll want to delete the base
 branch.
 
 
+Features
+--------
+Quick and dirty feature list:
+
+* Django
+* SHA-512 passwords
+* X-Frame-Options: DENY by default
+* Celery support
+
+
 License
 -------
 This software is licensed under the [New BSD License][BSD]. For more
diff --git a/requirements/prod.txt b/requirements/prod.txt
index 16d3c5bfd2..6d417982ee 100644
--- a/requirements/prod.txt
+++ b/requirements/prod.txt
@@ -1,5 +1,8 @@
 -e git://github.com/django/django@36c82ac8#egg=django
 
+# Various tidbits
+-e git://github.com/jsocol/commonware.git#egg=commonware
+
 # Security
 -e git://github.com/fwenzel/django-sha2.git#egg=django-sha2
 
diff --git a/settings.py b/settings.py
index 1349c8e7d0..601a9a8f05 100644
--- a/settings.py
+++ b/settings.py
@@ -85,6 +85,8 @@ MIDDLEWARE_CLASSES = (
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
+
+    'commonware.middleware.FrameOptionsHeader',
 )
 
 ROOT_URLCONF = '%s.urls' % ROOT_PACKAGE
diff --git a/vendor b/vendor
index 3d8c9c888a..bf1d0c3c7e 160000
--- a/vendor
+++ b/vendor
@@ -1 +1 @@
-Subproject commit 3d8c9c888a948b46fd03655eca5e6d89655a5c34
+Subproject commit bf1d0c3c7ed35fe7530a38196fdf2303e8454018