diff --git a/server/server.js b/server/server.js
index e3c838a0..e64a1d9c 100644
--- a/server/server.js
+++ b/server/server.js
@@ -32,6 +32,10 @@ app.engine(
 app.set('view engine', 'handlebars');
 app.use(helmet());
+app.use(helmet.hsts({
+ maxAge: 31536000,
+ force: conf.env === 'production'
+}));
 app.use(
 helmet.contentSecurityPolicy({
 directives: {
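Review bot: The added `app.use(helmet.hsts({...}))` sits directly after `app.use(helmet());`, which in most helmet releases already installs HSTS with default options, so the Strict-Transport-Security header would be set twice with the later call winning. Configuring it once, e.g. `app.use(helmet({ hsts: { maxAge: 31536000, force: conf.env === 'production' } }));`, keeps a single place that defines the policy. The option set also looks version-sensitive: as far as I recall, the hsts releases that accepted `force` took `maxAge` in milliseconds (31536000 would then be under nine hours, not one year), while the releases that take seconds dropped `force`. Please confirm both against the helmet version pinned in package.json, which this diff does not show. A short comment such as `// HSTS for one year; forced in production because req.secure may be false behind the TLS proxy` would record the intent, if that is the reason for `force`.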