diff --git a/conf/nginx.conf b/conf/nginx.conf
index 77a78f70e..8375febd0 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -10,8 +10,9 @@ http {
     server {
         include server-base.conf;
 
-        listen 443 default;
+        add_header Strict-Transport-Security "max-age=63072000; preload";
 
+        listen 443 default;
         ssl on;
         ssl_certificate ./stack/ssl.cert;
         ssl_certificate_key ./stack/ssl.key;
@@ -25,8 +26,9 @@ http {
         include proxy-protocol.conf;
         include server-base.conf;
 
-        listen 8443 default proxy_protocol;
+        add_header Strict-Transport-Security "max-age=63072000; preload";
 
+        listen 8443 default proxy_protocol;
         ssl on;
         ssl_certificate ./stack/ssl.cert;
         ssl_certificate_key ./stack/ssl.key;