diff --git a/backend/app.js b/backend/app.js
index 767d972..a50a65a 100644
--- a/backend/app.js
+++ b/backend/app.js
@@ -42,6 +42,8 @@ app.use(
                 objectSrc: ["'none'"],
                 mediaSrc: ["'self'"],
                 frameSrc: ["'none'"],
+                upgradeInsecureRequests:
+                    process.env.DISABLE_HSTS === 'true' ? null : [],
             },
         },
         hsts: