diff --git a/docker/nginx/conf.d/default.conf b/docker/nginx/conf.d/default.conf
index 85c267a5..232114e1 100644
--- a/docker/nginx/conf.d/default.conf
+++ b/docker/nginx/conf.d/default.conf
@@ -11,6 +11,8 @@ server {
     listen 443 ssl http2;
     server_name             chesslablab.org;
 
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
     ssl_certificate         /etc/nginx/ssl/fullchain.pem;
     ssl_certificate_key     /etc/nginx/ssl/privkey.pem;
     ssl_ciphers             EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;