diff --git a/apparmor.d/profiles-s-z/curl b/apparmor.d/profiles-s-z/curl
new file mode 100644
index 000000000..1d1f13b13
--- /dev/null
+++ b/apparmor.d/profiles-s-z/curl
@@ -0,0 +1,31 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 valoq <valoq@mailbox.org>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/curl
+profile curl @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/ssl_certs>
+  include <abstractions/p11-kit>
+  include <abstractions/nameservice-strict>
+  include <abstractions/user-download-strict>
+
+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  owner @{HOME}/.curlrc r,
+  owner @{user_config_dirs}/curlrc r,
+
+  include if exists <local/curl>
+}
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/profiles-s-z/wget b/apparmor.d/profiles-s-z/wget
new file mode 100644
index 000000000..d62d04f95
--- /dev/null
+++ b/apparmor.d/profiles-s-z/wget
@@ -0,0 +1,32 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 valoq <valoq@mailbox.org>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/wget
+profile wget @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/ssl_certs>
+  include <abstractions/p11-kit>
+  include <abstractions/nameservice-strict>
+  include <abstractions/user-download-strict>
+
+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  /etc/wgetrc r,
+
+  owner @{HOME}/.wget-hsts rwk,
+
+  include if exists <local/wget>
+}
+
+# vim:syntax=apparmor