diff --git a/server/core/src/https/middleware/hsts_header.rs b/server/core/src/https/middleware/hsts_header.rs
new file mode 100644
index 000000000..12f1f7e06
--- /dev/null
+++ b/server/core/src/https/middleware/hsts_header.rs
@@ -0,0 +1,19 @@
+use axum::http::Request;
+use axum::middleware::Next;
+use axum::response::Response;
+use http::HeaderValue;
+
+const HSTS_HEADER: &str = "max-age=86400";
+
+pub async fn strict_transport_security_layer(request: Request, next: Next) -> Response {
+    // wait for the middleware to come back
+    let mut response = next.run(request).await;
+
+    // add the header
+    let headers = response.headers_mut();
+    let hsts_header = HeaderValue::from_static(HSTS_HEADER);
+
+    headers.insert(http::header::STRICT_TRANSPORT_SECURITY, hsts_header);
+
+    response
+}
diff --git a/server/core/src/https/middleware/mod.rs b/server/core/src/https/middleware/mod.rs
index 2bbb7454c..8e3b2d7e1 100644
--- a/server/core/src/https/middleware/mod.rs
+++ b/server/core/src/https/middleware/mod.rs
@@ -11,6 +11,7 @@ use uuid::Uuid;
 pub(crate) mod caching;
 pub(crate) mod compression;
 pub(crate) mod csp_headers;
+pub(crate) mod hsts_header;
 
 // the version middleware injects
 const KANIDM_VERSION: &str = env!("CARGO_PKG_VERSION");
diff --git a/server/core/src/https/mod.rs b/server/core/src/https/mod.rs
index 23cc0a171..b0f68abd5 100644
--- a/server/core/src/https/mod.rs
+++ b/server/core/src/https/mod.rs
@@ -237,6 +237,9 @@ pub async fn create_https_server(
             middleware::csp_headers::cspheaders_layer,
         ))
         .layer(from_fn(middleware::version_middleware))
+        .layer(from_fn(
+            middleware::hsts_header::strict_transport_security_layer,
+        ))
         .layer(TraceLayer::new_for_http())
         // This must be the LAST middleware.
         // This is because the last middleware here is the first to be entered and the last
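Review bot: The `max-age=86400` value on the `HSTS_HEADER` constant gives only a 24-hour pin, so a browser that has not visited the server for a day falls back to an unprotected first request; the usual deployment guidance is at least one year, e.g. `const HSTS_HEADER: &str = "max-age=31536000";`, and preload lists will not accept anything shorter. Whether to append `; includeSubDomains` is a deployment decision (it would also force HTTPS on any sibling hostnames under the same parent domain), so if it is wanted it should probably come from configuration rather than a literal. The constant holds the header value, not the header, so `HSTS_HEADER_VALUE` would read better, and the public function has no doc comment; I would add `/// Sets `Strict-Transport-Security` on every response so browsers pin this origin to HTTPS.` above it and replace the vague `// wait for the middleware to come back` with `// Run the rest of the stack first; the header is attached to whatever it returns.`.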
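Review bot: Nothing in the commit checks that the `strict-transport-security` header actually reaches a client; the layer is registered unconditionally here in `create_https_server`, whose body starts and ends outside the hunk, so a regression (e.g. a later middleware or error path stripping headers) would go unnoticed. I would add a test that builds the router, issues a request through it and asserts `resp.headers().get(STRICT_TRANSPORT_SECURITY).is_some()`, including for a 4xx response, since HSTS is only useful when it is present on every reply. The placement between `version_middleware` and `TraceLayer` is consistent with the existing "TraceLayer must be last" comment, so the ordering itself looks fine.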