diff --git a/services/http/nginx.conf b/services/http/nginx.conf
index eb52bda..f48cb56 100644
--- a/services/http/nginx.conf
+++ b/services/http/nginx.conf
@@ -26,6 +26,12 @@ http {
 keepalive_timeout 65;
 
 #gzip on;
+
+ # Set HSTS if forwarded proto is https
+ map $http_x_forwarded_proto $hsts_header {
+ default "";
+ https "max-age=31536000; includeSubDomains;";
+ }
 
 server {
 listen 80 default_server;
@@ -60,9 +66,7 @@ http {
 
 sendfile off;
 
- if ($http_x_forwarded_proto = "https") {
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
- }
+ add_header Strict-Transport-Security $hsts_header;
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
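Review bot: The new `map` keys the HSTS header off `$http_x_forwarded_proto`, a request header any client can set, so this only behaves as intended if the TLS-terminating proxy in front of this server always overwrites `X-Forwarded-Proto` (a spoofed `https` over plain HTTP is mostly harmless because browsers ignore HSTS on non-TLS responses, but the trust assumption should be written down, and the old `if` block had the same dependency). I would replace the added comment with `# HSTS is emitted only when the upstream proxy reports https; X-Forwarded-Proto must be set/overwritten by that trusted proxy, never passed through from clients`. Note also that a plain `map` key is an exact match: if a proxy chain can yield `https, http` or the header can arrive more than once, the value no longer equals `https` and HSTS is silently dropped — if that topology is possible, match with `~*^https(,|$)` instead of the literal `https`. Relying on the `default ""` case being suppressed is correct (nginx does not add a header whose value is an empty string), but that is non-obvious and deserves a one-line comment next to `default ""`.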