diff --git a/lib/insecure-server.js b/lib/insecure-server.js
index 251673b..93a6f40 100644
--- a/lib/insecure-server.js
+++ b/lib/insecure-server.js
@@ -6,6 +6,8 @@ module.exports.create = function (securePort, insecurePort, redirects) {
   var escapeRe;
 
   function redirectHttps(req, res) {
+    res.setHeader('Strict-Transport-Security', 'max-age=10886400; includeSubDomains; preload');
+
     var insecureRedirects;
     var host = req.headers.host || '';
     var url = req.url;
diff --git a/lib/vhost-sni-server.js b/lib/vhost-sni-server.js
index 3f7301a..74a4bfd 100644
--- a/lib/vhost-sni-server.js
+++ b/lib/vhost-sni-server.js
@@ -132,6 +132,7 @@ module.exports.create = function (securePort, certsPath, vhostsdir) {
 
         console.log('[log] [once] Preparing mount for', domaininfo.hostname + '/' + domaininfo.dirpathname);
         domainMergeMap[domaininfo.hostname].mountsMap['/' + domaininfo.dirpathname] = function (req, res, next) {
+          res.setHeader('Strict-Transport-Security', 'max-age=10886400; includeSubDomains; preload');
           function loadThatApp() {
             var time = Date.now();