diff --git a/docker-compose.yml b/docker-compose.yml
index 489862b..4e5d339 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -50,13 +50,13 @@ services:
       # only some people can access the dashboard, hence protect it with it's whitelist
       - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=dashboard-whitelist
       # redirect Træfik dashboard to HTTPS only
-      - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https,hsts
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
       - traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
       - traefik.http.routers.http-${TRAEFIK_ROUTER}.service=api@internal
       ### Section HTTPS
       - traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
-      # only some people can access the dashboard, hence protect it with it's whitelist
-      - traefik.http.routers.https-${TRAEFIK_ROUTER}.middlewares=dashboard-whitelist
+      # only some people can access the dashboard, hence protect it with it's whitelist (and add HSTS for security)
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.middlewares=hsts,dashboard-whitelist
       # configure Træfik dashboard to be the exposed service
       - traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
       - traefik.http.routers.https-${TRAEFIK_ROUTER}.service=api@internal