diff --git a/server.ts b/server.ts
index 2db39ab06..76d00edd3 100644
--- a/server.ts
+++ b/server.ts
@@ -55,7 +55,8 @@ app.set('trust proxy', CONFIG.TRUST_PROXY)
 app.use(helmet({
   frameguard: {
     action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts
-  }
+  },
+  hsts: false
 }))
 
 // ----------- Database -----------
diff --git a/support/nginx/peertube b/support/nginx/peertube
index 0720dbd97..5d97c0cf1 100644
--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -44,7 +44,11 @@ server {
   gzip_types text/css text/html application/javascript;
   gzip_vary on;
 
-  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+  # Enable HSTS
+  # Tells browsers to stick with HTTPS and never visit the insecure HTTP
+  # version. Once a browser sees this header, it will only visit the site over
+  # HTTPS for the next 2 years: (read more on hstspreload.org)
+  #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 
   access_log /var/log/nginx/peertube.example.com.access.log;
   error_log /var/log/nginx/peertube.example.com.error.log;
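Review bot: The added `hsts: false` has no comment saying where the Strict-Transport-Security header is now expected to come from, and the nginx template changed in this same commit ships that header commented out, so a default deployment stops sending HSTS at both layers. If the intent is to let the reverse proxy own the header, say so on the line itself, e.g. `hsts: false // HSTS is emitted by the reverse proxy, see support/nginx/peertube`, so a later reader does not re-enable it in helmet and double-send the header. Presumably the motivation is to avoid duplicate or conflicting HSTS headers between Express and nginx; if so, that trade-off deserves a sentence here or in the commit message. The `app.use(helmet(...))` call is fully inside the hunk.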
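Review bot: The commented-out `add_header` at the end of the hunk still carries `includeSubDomains` and `preload`, but the explanatory comment above it only describes the two-year `max-age`. The `preload` token is the opt-in signal for browser preload lists and removal from those lists is slow, and `includeSubDomains` extends the policy to every subdomain, so an operator who simply uncomments the line gets a much stronger commitment than the comment describes; a line such as `# Remove "preload" (and reconsider "includeSubDomains") unless you intend to submit this domain to hstspreload.org` would make that explicit. Because the application side disables helmet's HSTS in this same commit, this commented line is now the only place HSTS is configured, which is also worth stating in the comment. The `server {` block continues outside the hunk.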