diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 8e79517656b..f9417c3a89b 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -473,6 +473,7 @@ class ApplicationController < ActionController::Base
 if !files_domain? && Setting.get('block_html_frames', 'true') == 'true' && !@embeddable
 headers['X-Frame-Options'] = 'SAMEORIGIN'
 end
+ headers['Strict-Transport-Security'] = 'max-age=31536000' if request.ssl?
 RequestContextGenerator.store_request_meta(request, @context)
 true
 end
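Review bot: The added `headers['Strict-Transport-Security']` line commits every HTTPS client to TLS for a year through a hard-coded value with no comment, whereas the X-Frame-Options line just above it is gated by a Setting; a self-hosted deployment that later loses HTTPS (expired certificate, move back to plain HTTP) would be unreachable from those browsers until the policy expires. I would at least add a comment such as `# HSTS: sent only over TLS (browsers ignore it on plain HTTP); one-year max-age, no includeSubDomains so sibling hosts are unaffected`. Because the header is set in this controller filter, responses that never reach it (assets or error pages served by the web server, redirects issued by Rack middleware) presumably go out without it, so it is worth confirming that the front end or `ActionDispatch::SSL` covers those paths. `request.ssl?` also depends on the scheme being forwarded (X-Forwarded-Proto) when TLS is terminated upstream, otherwise the header is silently never sent. The enclosing method starts outside the hunk.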