diff --git a/roles/anitya/frontend/files/0_releasemonitoring.conf b/roles/anitya/frontend/files/0_releasemonitoring.conf
index 1ea3c01028..56a0bfb470 100644
--- a/roles/anitya/frontend/files/0_releasemonitoring.conf
+++ b/roles/anitya/frontend/files/0_releasemonitoring.conf
@@ -9,7 +9,7 @@
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    # Use secure TLSv1.1 and TLSv1.2 ciphers
-   Header add Strict-Transport-Security "max-age=15768000"
+   Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
 
    SSLCertificateFile /etc/pki/tls/certs/release-monitoring.org.cert
    SSLCertificateChainFile /etc/pki/tls/certs/release-monitoring.org.intermediate.cert
diff --git a/roles/copr/frontend/files/httpd/coprs_ssl.conf b/roles/copr/frontend/files/httpd/coprs_ssl.conf
index 26040bbb4c..f142e1060f 100644
--- a/roles/copr/frontend/files/httpd/coprs_ssl.conf
+++ b/roles/copr/frontend/files/httpd/coprs_ssl.conf
@@ -4,7 +4,7 @@
     # Use secure TLSv1.1 and TLSv1.2 ciphers
     SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
     SSLHonorCipherOrder on
-    Header add Strict-Transport-Security "max-age=15768000"
+    Header always add Strict-Transport-Security "max-age=15768000; preload"
 
     SSLCertificateFile /etc/pki/tls/ca.crt
     SSLCertificateKeyFile /etc/pki/tls/private/ca.key
diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf
index bfbff4f379..c94b9f77dd 100644
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf
@@ -26,7 +26,7 @@ RewriteRule ^([a-z0-9-]+)\.id\.fedoraproject\.org/.* {{proxyurl}}/openid/id/$1/
 RewriteCond %{HTTPS} off
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
 
-Header add Strict-Transport-Security "max-age=15768000"
+Header always add Strict-Transport-Security "max-age=15768000; preload"
 
 
 RewriteRule ^(.+) - [PT]