diff --git a/roles/libravatar/templates/httpd/libravatar.conf b/roles/libravatar/templates/httpd/libravatar.conf
index 2eb5027f1c..5e87fde7e7 100644
--- a/roles/libravatar/templates/httpd/libravatar.conf
+++ b/roles/libravatar/templates/httpd/libravatar.conf
@@ -23,7 +23,7 @@ RewriteEngine on
     SSLCertificateFile    /etc/letsencrypt/live/{{ server_seccdn_name }}/cert.pem
     SSLCertificateKeyFile  /etc/letsencrypt/live/{{ server_seccdn_name }}/privkey.pem
     SSLCertificateChainFile /etc/letsencrypt/live/{{ server_seccdn_name }}/fullchain.pem
-    Header always add Strict-Transport-Security "max-age=31536000; preload"
+    Header always add Strict-Transport-Security "max-age=31536000; preload; includeSubDomains"
 
     RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
 
@@ -36,7 +36,7 @@ RewriteEngine on
     SSLCertificateFile    /etc/letsencrypt/live/{{ server_name }}/cert.pem
     SSLCertificateKeyFile  /etc/letsencrypt/live/{{ server_name }}/privkey.pem
     SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
-    Header always add Strict-Transport-Security "max-age=31536000; preload"
+    Header always add Strict-Transport-Security "max-age=31536000; preload; includeSubDomains"
 
     RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
 
@@ -49,7 +49,7 @@ RewriteEngine on
     SSLCertificateFile    /etc/letsencrypt/live/{{ server_name }}/cert.pem
     SSLCertificateKeyFile  /etc/letsencrypt/live/{{ server_name }}/privkey.pem
     SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
-    Header always add Strict-Transport-Security "max-age=31536000; preload"
+    Header always add Strict-Transport-Security "max-age=31536000; preload; includeSubDomains"
 
     RewriteRule "^/?(.*)" "https://{{ server_name }}/$1" [L,R=301,NE]
 </VirtualHost>