diff --git a/README.md b/README.md index 81c941d61..fede724ba 100644 --- a/README.md +++ b/README.md @@ -127,6 +127,12 @@ The nginx configuration will need to be reloaded in order for the updated TLS co **Note**: TLS will not be enabled unless the application's VHOST matches the certificate's name. (i.e. if you have a cert for *.example.com TLS won't be enabled for something.example.org or example.net) +### HSTS Header + +The [HSTS header](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) is an HTTP header that can inform browsers that all requests to a given site should be made via HTTPS. dokku does not, by default, enable this header. It is thus left up to you, the user, to enable it for your site. + +Beware that if you enable the header and a subsequent deploy of your application results in an HTTP deploy (for whatever reason), the way the header works means that a browser will not attempt to request the HTTP version of your site if the HTTPS version fails. + ## Upgrading Dokku is in active development. You can update the deployment step and the build step separately.
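Review bot: The new "HSTS Header" section says enabling the header is "left up to you, the user" but never says how. It does not name the `Strict-Transport-Security` response header or say where in the nginx configuration described earlier in the README it should be added. Please add a short how-to or a pointer to the relevant template, so the section does more than describe the header. In the "Beware" paragraph, it would help to state that the browser keeps refusing plain HTTP for as long as the `max-age` value it last received, and to suggest starting with a short `max-age` until HTTPS deploys are known to be stable. As written, the reader cannot tell how long a failed HTTPS deploy would leave the site unreachable. Minor style point: the sentence "dokku does not, by default, enable this header" begins with a lowercase "dokku", while the unchanged context line below uses "Dokku".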