diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile
index ca3a4105f..91751fc0d 100644
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME=		haproxy
-PLUGIN_VERSION=		2.0
+PLUGIN_VERSION=		2.1
 PLUGIN_COMMENT=		Reliable, high performance TCP/HTTP load balancer
 PLUGIN_DEPENDS=		haproxy
 PLUGIN_MAINTAINER=	opnsense@moov.de
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index b6b70b8b0..dd8db755c 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -606,10 +606,10 @@ frontend {{frontend.name}}
 {%           if frontend.ssl_cipherList|default("") != "" %}
 {%             do ssl_options.append('ciphers ' ~ frontend.ssl_cipherList) %}
 {%           endif %}
-{%         endif %}
-{#         # HSTS #}
-{%         if frontend.ssl_hstsEnabled|default("") == '1' %}
+{#           # HSTS #}
+{%           if frontend.ssl_hstsEnabled|default("") == '1' and frontend.mode == 'http' %}
     http-response set-header Strict-Transport-Security max-age={{frontend.ssl_hstsMaxAge}}
+{%           endif %}
 {%         endif %}
 {%       endif %}
 {#       # bind/listen configuration #}