diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf
index 16259286c3..c453cb5358 100644
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf
@@ -2,6 +2,12 @@ RequestHeader unset Expect early
 RequestHeader set X-Forwarded-Scheme https early
 RequestHeader set X-Forwarded-Proto https early
 
+# Cannot redirect to HTTPS for *.id.fedoraproject.org or set 
+# "includeSubdomains", because relying parties need to be able to access 
+# username.id.fedoraproject.org via plain HTTP 
+Header always add Strict-Transport-Security "max-age=15768000; preload" 
+
+
 RewriteEngine on
 
 RewriteMap lowercase int:tolower