Please also add an HSTS header to enforce future connections to be HTTPS and avoid SSL Stripping attacks.