diff --git a/src/BCC.Web/Startup.cs b/src/BCC.Web/Startup.cs
index c402fcf..2a32fab 100644
--- a/src/BCC.Web/Startup.cs
+++ b/src/BCC.Web/Startup.cs
@@ -18,6 +18,7 @@
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -52,6 +53,15 @@ public Startup(IConfiguration configuration)
         // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
         {
+            services.AddHttpsRedirection(options => options.RedirectStatusCode = StatusCodes.Status301MovedPermanently);
+
+            services.AddHsts(options =>
+            {
+                options.MaxAge = TimeSpan.FromDays(30);
+                options.Preload = true;
+                options.IncludeSubDomains = true;
+            });
+
             services.Configure<ApplicationInsightsLoggerOptions>(Configuration.GetSection("ApplicationInsightsLogger"));
             services.Configure<GitHubAppOptions>(Configuration.GetSection("GitHub:App"));
             services.Configure<AuthOptions>(Configuration.GetSection("Auth"));
@@ -182,8 +192,11 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerF
             else
             {
                 app.UseExceptionHandler("/Home/Error");
+                app.UseHsts();
             }
 
+            app.UseHttpsRedirection();
+
             app.UseSwagger(c =>
             {
                 c.RouteTemplate = "docs/{documentName}/swagger.json";