diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
index e9a1b33b5..3b1e3449a 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
@@ -104,6 +104,18 @@
text
+
+ frontend.ssl_hstsEnabled
+
+ checkbox
+
+
+
+ frontend.ssl_hstsMaxAge
+
+ text
+
+
header
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
index ae6724884..af366cdcb 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
@@ -348,6 +348,17 @@
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
N
+
+ 1
+ Y
+
+
+ 15768000
+ 1
+ 1000000000
+ Please specify a value between 1 and 1000000000.
+ Y
+
1
500000
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index d0aeb2f27..b6b70b8b0 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -607,6 +607,10 @@ frontend {{frontend.name}}
{% do ssl_options.append('ciphers ' ~ frontend.ssl_cipherList) %}
{% endif %}
{% endif %}
+{# # HSTS #}
+{% if frontend.ssl_hstsEnabled|default("") == '1' %}
+ http-response set-header Strict-Transport-Security max-age={{frontend.ssl_hstsMaxAge}}
+{% endif %}
{% endif %}
{# # bind/listen configuration #}
{% if frontend.bind|default("") != "" %}