diff --git a/lib/response.php b/lib/response.php
index e1b808bf3..ceaf32c53 100644
--- a/lib/response.php
+++ b/lib/response.php
@@ -125,7 +125,9 @@ class Response
 public function hsts()
 {
- header('Strict-Transport-Security: max-age=31536000');
+ if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+ header('Strict-Transport-Security: max-age=31536000');
+ }
 }
 public function xframe($mode = 'DENY', array $urls = array())
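Review bot: The new guard in `hsts()` keys only on `$_SERVER['HTTPS']`, which is normally unset on a backend behind a TLS-terminating reverse proxy or load balancer, so those deployments would silently stop sending Strict-Transport-Security even though clients connect over HTTPS. Before this change the header was sent unconditionally, so this is a quiet loss of protection, not a visible failure. If the project has a trusted-proxy or "force HTTPS" setting (none is visible in this hunk), the condition should consult it; a forwarded-protocol header should be honoured only when the request comes from a configured proxy address, since clients can set it themselves. Separately, the loose, case-sensitive `!= 'off'` treats an empty string or `'OFF'` as HTTPS; `if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {` is stricter. A short comment such as `// HSTS is only meaningful over TLS; behind a TLS-terminating proxy HTTPS may be unset here` would document the limitation.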