diff --git a/src/server.ts b/src/server.ts
index d3ac4b0..0187abb 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -29,7 +29,9 @@ export default function createServer(opts : Options) : express.Application {
 
     if (!opts.allowHttp) {
       app.use(helmet.hsts({
-          maxAge: 5184000
+          maxAge: 5184000,
+          setIf: () => true,
+          includeSubdomains: false
       }));
     }
 
diff --git a/tests/server.test.ts b/tests/server.test.ts
index af3f74f..1f63cc6 100644
--- a/tests/server.test.ts
+++ b/tests/server.test.ts
@@ -49,7 +49,8 @@ describe('Server', function () {
         dirList: false,
         serveDir: 'site/',
         opbeat: false,
-        open: false
+        open: false,
+        allowHttp: false
       } as Options;
 
       it('Should have no powered by header', function (done) {
@@ -119,5 +120,13 @@ describe('Server', function () {
           done();
         });
       });
+
+      it('Should have HSTS header', function (done) {
+        runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
+          expect(response.status).to.equal(200);
+          expect(response.headers.get('strict-transport-security')).to.contain('5184000');
+          done();
+        });
+      });
     });
 });