diff --git a/.env.sample b/.env.sample
index 4853632..3cbefb7 100644
--- a/.env.sample
+++ b/.env.sample
@@ -81,3 +81,9 @@ DEFAULT_QUOTA="10 GB"
 #COMPOSE_FILE="$COMPOSE_FILE:compose.fulltextsearch.yml"
 #SECRET_ELASTICSEARCH_PASSWORD_VERSION=v1
+
+# HSTS Options
+# Uncomment this line to enable HSTS: https://docs.nextcloud.com/server/30/admin_manual/installation/harden_server.html
+#HSTS_ENABLED=1
+# Uncomment this line to add the `preload` part
+#HSTS_PRELOAD=1
\ No newline at end of file
diff --git a/abra.sh b/abra.sh
index 4c1d7fa..fc26ab2 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 export FPM_TUNE_VERSION=v5
-export NGINX_CONF_VERSION=v7
+export NGINX_CONF_VERSION=v8
 export MY_CNF_VERSION=v5
 export ENTRYPOINT_VERSION=v3
 export ENTRYPOINT_WHITEBOARD_VERSION=v1
diff --git a/compose.yml b/compose.yml
index f3835a3..8505279 100644
--- a/compose.yml
+++ b/compose.yml
@@ -12,6 +12,8 @@ services:
 - X_FRAME_OPTIONS_ENABLED
 - DOMAIN
 - STACK_NAME
+ - HSTS_ENABLED
+ - HSTS_PRELOAD
 volumes:
 - nextcloud:/var/www/html/
 - nextapps:/var/www/html/custom_apps:cached
diff --git a/nginx.conf.tmpl b/nginx.conf.tmpl
index 5a727cd..fc82a44 100644
--- a/nginx.conf.tmpl
+++ b/nginx.conf.tmpl
@@ -45,6 +45,13 @@ http {
 # could take several months.
 #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+ {{ if eq (env "HSTS_ENABLED") "1" }}
+ {{ if eq (env "HSTS_PRELOAD") "1" }}
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+ {{ else }}
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;" always;
+ {{ end }}
+ {{ end }}
 # set max upload size
 client_max_body_size 512M;
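Review bot: The added comments in the `.env.sample` hunk do not say that `HSTS_PRELOAD` has no effect unless `HSTS_ENABLED=1` is also set, nor that the header emitted by `nginx.conf.tmpl` in this commit always carries `includeSubDomains`. An operator who uncomments `HSTS_ENABLED` therefore pins every subdomain of the Nextcloud host name to HTTPS for the whole max-age period, which is worth stating next to the switch. I would add a line such as `# Note: the header always includes includeSubDomains; HSTS_PRELOAD is ignored unless HSTS_ENABLED=1`. The file also now ends without a trailing newline, so a variable appended later can end up glued onto `#HSTS_PRELOAD=1`.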
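Review bot: The `preload` branch in the `nginx.conf.tmpl` hunk sends `max-age=15768000` (about six months), but the browser preload list at hstspreload.org requires a max-age of at least 31536000 seconds, so a deployment with `HSTS_PRELOAD=1` would advertise `preload` without being eligible for submission. I would change that branch to `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;`. Separately, nginx inherits `add_header` from the `http` level only into blocks that declare no `add_header` of their own, so if any `server` or `location` block outside this hunk sets headers, responses from it will lack the HSTS header; this should be checked against the rest of the template. The `http` block starts and ends outside the hunk.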