diff --git a/cmd/drone-server/server.go b/cmd/drone-server/server.go
index c53488b8e..d9c081ff8 100644
--- a/cmd/drone-server/server.go
+++ b/cmd/drone-server/server.go
@@ -565,7 +565,7 @@ func server(c *cli.Context) error {
 	// start the server with lets encrypt enabled
 	// listen on ports 443 and 80
 	g.Go(func() error {
-		return http.ListenAndServe(":http", handler)
+		return http.ListenAndServe(":http", http.HandlerFunc(redirect))
 	})
 
 	g.Go(func() error {
@@ -681,6 +681,9 @@ func redirect(w http.ResponseWriter, req *http.Request) {
 	serverHost = strings.TrimPrefix(serverHost, "https://")
 	req.URL.Scheme = "https"
 	req.URL.Host = serverHost
+
+	w.Header().Set("Strict-Transport-Security", "max-age=31536000")
+
 	http.Redirect(w, req, req.URL.String(), http.StatusMovedPermanently)
 }