diff --git a/cmd/dashboard-token-proxy/main.go b/cmd/dashboard-token-proxy/main.go
index 7b29c1f6c565..0f5f1cf47c4b 100644
--- a/cmd/dashboard-token-proxy/main.go
+++ b/cmd/dashboard-token-proxy/main.go
@@ -113,6 +113,7 @@ func HandleTokenRequest(clientID, clientSecret, ghURL, authorizationURL string)
 
 		w.Header().Add("content-type", "application/json")
 		w.Header().Add("Access-Control-Allow-Origin", fmt.Sprintf("https://pages.%s", ghURL))
+		w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload")
 		w.Write(b)
 	}
 }