diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
index 3b1e3449a..3c069d9d9 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml
@@ -110,6 +110,18 @@
checkbox
+
+ frontend.ssl_hstsIncludeSubDomains
+
+ checkbox
+
+
+
+ frontend.ssl_hstsPreload
+
+ checkbox
+
+
frontend.ssl_hstsMaxAge
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
index bf4252e17..5952c48e6 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
@@ -1,6 +1,6 @@
//OPNsense/HAProxy
- 2.0.1
+ 2.1.0
the HAProxy load balancer
@@ -355,6 +355,14 @@
1
Y
+
+ 0
+ N
+
+
+ 0
+ N
+
15768000
1
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index dd8db755c..90c7c9883 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -608,7 +608,15 @@ frontend {{frontend.name}}
{% endif %}
{# # HSTS #}
{% if frontend.ssl_hstsEnabled|default("") == '1' and frontend.mode == 'http' %}
- http-response set-header Strict-Transport-Security max-age={{frontend.ssl_hstsMaxAge}}
+{% set hsts_options = [] %}
+{% do hsts_options.append('max-age=' ~ frontend.ssl_hstsMaxAge) %}
+{% if frontend.ssl_hstsIncludeSubDomains|default("") == '1' %}
+{% do hsts_options.append('; includeSubDomains') %}
+{% endif %}
+{% if frontend.ssl_hstsPreload|default("") == '1' %}
+{% do hsts_options.append('; preload') %}
+{% endif %}
+ http-response set-header Strict-Transport-Security "{{ hsts_options|join('') }}"
{% endif %}
{% endif %}
{% endif %}