diff --git a/src/args.rs b/src/args.rs
index 032d383..187d1ee 100644
--- a/src/args.rs
+++ b/src/args.rs
@@ -214,6 +214,14 @@ pub fn build_cli() -> Command {
 .long("compress")
 .value_name("level")
 .help("Set zip compress level [default: low]")
+ )
+ .arg(
+ Arg::new("enable-hsts")
+ .env("DUFS_ENABLE_HSTS")
+ .hide_env(true)
+ .long("enable-hsts")
+ .action(ArgAction::SetTrue)
+ .help("Enable HTTP Strict Transport Security (HSTS) headers"),
 )
 .arg(
 Arg::new("completions")
@@ -223,6 +231,8 @@ pub fn build_cli() -> Command {
 .help("Print shell completion script for "),
 );
+
+
 #[cfg(feature = "tls")]
 let app = app
 .arg(
@@ -291,6 +301,7 @@ pub struct Args {
 pub http_logger: HttpLogger,
 pub log_file: Option,
 pub compress: Compress,
+ pub enable_hsts: bool,
 pub tls_cert: Option,
 pub tls_key: Option,
 }
@@ -405,6 +416,10 @@ impl Args {
 if let Some(log_file) = matches.get_one::("log-file") {
 args.log_file = Some(log_file.clone());
 }
+
+ if !args.enable_hsts {
+ args.enable_hsts = matches.get_flag("enable-hsts");
+ }
 if let Some(compress) = matches.get_one::("compress") {
 args.compress = *compress;
diff --git a/src/auth.rs b/src/auth.rs
index fae91bf..6ac580f 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -296,6 +296,12 @@ impl AccessPerm {
 }
 pub fn www_authenticate(res: &mut Response, args: &Args) -> Result<()> {
+ if args.enable_hsts {
+ res.headers_mut().insert(
+ "strict-transport-security",
+ HeaderValue::from_static("max-age=31536000"),
+ );
+ }
 if args.auth.use_hashed_password {
 let basic = HeaderValue::from_str(&format!("Basic realm=\"{}\"", REALM))?;
 res.headers_mut().insert(WWW_AUTHENTICATE, basic);
diff --git a/src/server.rs b/src/server.rs
index da9da9a..412ccb8 100644
--- a/src/server.rs
+++ b/src/server.rs
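Review bot: `--enable-hsts` in `build_cli` is accepted whether or not TLS is configured; nothing visible in this diff ties it to `tls_cert`/`tls_key` or to the `tls` feature. Browsers ignore a Strict-Transport-Security header received over plain HTTP, so on a non-TLS listener the flag only has an effect when a TLS-terminating proxy sits in front of the server. The help text should state that precondition, for example `.help("Send Strict-Transport-Security headers (only meaningful when served over HTTPS, directly or behind a TLS-terminating proxy)")`. The same assumption carries into the `Args::enable_hsts` field and its parsing in the later hunks of this file, where a one-line comment would help.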
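Review bot: The policy value `max-age=31536000` in `www_authenticate` is hard-coded, and it is repeated verbatim in both `src/server.rs` hunks with the header name spelled as a string literal each time. A one-year pin cannot be shortened by the operator, so a deployment that later loses its certificate or falls back to HTTP leaves returning browsers unable to connect until the pin expires; that trade-off deserves a comment next to the value. Defining it once and using the typed header name keeps the three sites in step: `const HSTS_POLICY: &str = "max-age=31536000";` and `res.headers_mut().insert(STRICT_TRANSPORT_SECURITY, HeaderValue::from_static(HSTS_POLICY));`. The body of `www_authenticate` continues past the end of the hunk.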
@@ -778,6 +778,12 @@ impl Server {
 "x-content-type-options",
 HeaderValue::from_static("nosniff"),
 );
+ if self.args.enable_hsts {
+ res.headers_mut().insert(
+ "strict-transport-security",
+ HeaderValue::from_static("max-age=31536000"),
+ );
+ }
 Ok(true)
 } else if req_path == HEALTH_CHECK_PATH {
 res.headers_mut()
@@ -1239,6 +1245,12 @@ impl Server {
 "x-content-type-options",
 HeaderValue::from_static("nosniff"),
 );
+ if self.args.enable_hsts {
+ res.headers_mut().insert(
+ "strict-transport-security",
+ HeaderValue::from_static("max-age=31536000"),
+ );
+ }
 if head_only {
 return Ok(());
 }
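Review bot: The header is attached only on the two response paths touched here (beside `x-content-type-options` at both sites) and in `www_authenticate`. Responses built elsewhere in `Server`, such as the `HEALTH_CHECK_PATH` branch that follows in the first hunk, error responses and redirects, appear not to receive it, though those paths lie outside the hunks and should be checked. Setting the header once, at the point where every response is finalised, would give uniform coverage and remove the duplicated block; a comment there should note that the policy applies to all responses when `enable_hsts` is set. Both enclosing functions start and end outside the hunks.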