diff --git a/handler/middleware/security_headers.go b/handler/middleware/security_headers.go
index a6a1d08..e1b2e01 100644
--- a/handler/middleware/security_headers.go
+++ b/handler/middleware/security_headers.go
@@ -34,6 +34,7 @@ func SecurityHeaders(serverSettings *types.Settings) func(http.Handler) http.Han
 w.Header().Set("Permissions-Policy", "geolocation=(), camera=(), microphone=()")
 w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
 w.Header().Set("Permissions-Policy", "interest-cohort=()")
+ w.Header().Set("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload")
 if r.Method == "OPTIONS" {
 w.WriteHeader(http.StatusOK)
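Review bot: The added `Strict-Transport-Security` line hard-codes `includeSubDomains; preload` with a two-year max-age for every deployment, so any operator who serves this over HTTPS pins the whole parent domain, including sibling subdomains this service does not control, to HTTPS-only, and a preload-list entry is slow to undo. I would default to `w.Header().Set("Strict-Transport-Security", "max-age=63072000")` and append `; includeSubDomains; preload` only behind an explicit opt-in read from `serverSettings`. The header is also emitted regardless of how the request arrived; RFC 6797 says it must not be sent over non-secure transport, so it would be cleaner to emit it only when the request is known to be HTTPS (whether TLS terminates here or at a proxy is not visible in this hunk). Separately, in the context lines the second `Set("Permissions-Policy", "interest-cohort=()")` replaces the geolocation/camera/microphone policy set two lines earlier because `Header.Set` overwrites; a single value `geolocation=(), camera=(), microphone=(), interest-cohort=()` would keep both. The SecurityHeaders body starts and ends outside this hunk.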