See nginx [doc](http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header) and [blog](https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/).
@@ -260,7 +260,7 @@ server {
{{ end }}
{{ if (and (ne $https_method "noredirect") (ne $hsts "off")) }}
- add_header Strict-Transport-Security "{{ trim $hsts }}";
+ add_header Strict-Transport-Security "{{ trim $hsts }}" always;
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}