diff --git a/ansible/plays/services/traefik/dynamic.yaml b/ansible/plays/services/traefik/dynamic.yaml
index 6ef2f15..7589b55 100644
--- a/ansible/plays/services/traefik/dynamic.yaml
+++ b/ansible/plays/services/traefik/dynamic.yaml
@@ -37,3 +37,13 @@ http:
       replacePathRegex:
         regex: "^/metrics$"
         replacement: "/"
+    hsts:
+      headers:
+        frameDeny: true
+        contentTypeNosniff: true
+        browserXssFilter: true
+        forceSTSHeader: true
+        sslRedirect: true
+        stsPreload: true
+        stsSeconds: 315360000
+        stsIncludeSubdomains: true
diff --git a/ansible/plays/services/traefik/traefik.yaml b/ansible/plays/services/traefik/traefik.yaml
index 23f60f5..679ff58 100644
--- a/ansible/plays/services/traefik/traefik.yaml
+++ b/ansible/plays/services/traefik/traefik.yaml
@@ -20,6 +20,8 @@ entryPoints:
           to: websecure
           scheme: https
           permanent: true
+      middlewares:
+        - "hsts@file"
   metrics:
     address: ":9091"
     http:
@@ -28,6 +30,8 @@ entryPoints:
   websecure:
     address: ":443"
     http:
+      middlewares:
+        - "hsts@file"
       tls:
         certResolver: letsencrypt