diff --git a/system/nixos/forgejo.nix b/system/nixos/forgejo.nix
index 93b8922..72c3917 100644
--- a/system/nixos/forgejo.nix
+++ b/system/nixos/forgejo.nix
@@ -58,9 +58,13 @@ in
       quic = true;
       http3 = true;
 
-      onlySSL = true;
+      forceSSL = true;
       useACMEHost = "kempkens.io";
 
+      extraConfig = ''
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+      '';
+
       locations."/" = {
         recommendedProxySettings = true;
         proxyPass = "http://unix:/run/gitea/gitea.sock";