diff --git a/common.php b/common.php
index c1b9099..997fe8c 100644
--- a/common.php
+++ b/common.php
@@ -33,6 +33,8 @@ defined('AUTO_UPDATE_BACKUP_DIRECTORY') or define('AUTO_UPDATE_BACKUP_DIRECTORY'
 defined('RULES_DIRECTORY') or define('RULES_DIRECTORY', ROOT_DIRECTORY.DIRECTORY_SEPARATOR.'rules');
+defined('ENABLE_HSTS') or define('ENABLE_HSTS', true);
+
 require __DIR__.'/check_setup.php';
 PicoDb\Database::bootstrap('db', function() {
diff --git a/controllers/common.php b/controllers/common.php
index da68444..07c3104 100644
--- a/controllers/common.php
+++ b/controllers/common.php
@@ -55,6 +55,10 @@ Router\before(function($action) {
 Response\xframe();
 Response\xss();
 Response\nosniff();
+
+ if (ENABLE_HSTS && Helper\is_secure_connection()) {
+ Response\hsts();
+ }
 });
 // Show help
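Review bot: `ENABLE_HSTS` is introduced with a default of `true` and no comment, so every install that is reached over HTTPS starts sending the header after this change, and browsers that see it will refuse plain HTTP for that host until the policy expires. The max-age and any includeSubDomains directive are chosen inside `Response\hsts()`, which this diff does not show, so how long that commitment lasts cannot be checked from here. I would document the switch above the define, for example `// Send Strict-Transport-Security on HTTPS requests; browsers cache the policy, so define ENABLE_HSTS as false beforehand if the instance must stay reachable over plain HTTP`.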
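Review bot: The new guard in the `Router\before` callback depends entirely on `Helper\is_secure_connection()`, whose definition is not part of this diff. If that helper only inspects the local connection, installs behind a TLS-terminating reverse proxy will presumably never emit the header; if it reads forwarded-protocol headers, it should accept them only from a known proxy. A short comment would record why the check is there, e.g. `// Browsers ignore HSTS received over plain HTTP (RFC 6797), so only send it on TLS requests`. The callback begins above the hunk, so its earlier statements were not reviewed.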