diff --git a/etc/nginx/sites-enabled/host b/etc/nginx/sites-enabled/host
index 1a562445..1219cc81 100644
--- a/etc/nginx/sites-enabled/host
+++ b/etc/nginx/sites-enabled/host
@@ -31,7 +31,7 @@ server {
     ssl_prefer_server_ciphers on;
 
     # Enable this if your want HSTS (recommended)
-    add_header Strict-Transport-Security max-age=15768000;
+    add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
 
     # OCSP Stapling ---
     # fetch OCSP records from URL in ssl_certificate and cache them
diff --git a/etc/nginx/sites-enabled/rproxy b/etc/nginx/sites-enabled/rproxy
index 67587b9a..108a4097 100644
--- a/etc/nginx/sites-enabled/rproxy
+++ b/etc/nginx/sites-enabled/rproxy
@@ -4,6 +4,9 @@ server {
     listen 443;
     listen [::]:443;
 
+    # Enable this if your want HSTS (recommended)
+    add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
+
     server_name something.example.org;
 
 # NOTE: For X-Real-IP & X-Forwarded-For see ../conf.d/rproxy.conf
diff --git a/etc/nginx/sites-enabled/vhost b/etc/nginx/sites-enabled/vhost
index 427866cd..76b4bdcd 100644
--- a/etc/nginx/sites-enabled/vhost
+++ b/etc/nginx/sites-enabled/vhost
@@ -6,6 +6,9 @@ server {
     listen 443;
     listen [::]:443;
 
+    # Enable this if your want HSTS (recommended)
+    add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
+
     root /var/www/vhostdir;
     index index.php index.html index.htm;