diff --git a/dpaste/settings.py b/dpaste/settings.py
index bd8fa56..e709c29 100644
--- a/dpaste/settings.py
+++ b/dpaste/settings.py
@@ -89,7 +89,7 @@ MIDDLEWARE_CLASSES = (
 'dpaste.disable.DisableCSRF',
 'django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
- #'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 )
 TEMPLATE_CONTEXT_PROCESSORS += (
diff --git a/server/nginx.conf b/server/nginx.conf
index 28cbfc3..daadbbd 100644
--- a/server/nginx.conf
+++ b/server/nginx.conf
@@ -24,6 +24,8 @@ server {
 ssl_certificate /srv/dpaste.de/var/ssl/dpaste_de_unified.crt;
 ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_de.key;
+ add_header Strict-Transport-Security max-age=31536000;
+ include /srv/dpaste.de/src/dpaste/server/nginx_server.conf;
 }
@@ -34,5 +36,7 @@ server {
 ssl_certificate /srv/dpaste.de/var/ssl/dpaste_org_unified.crt;
 ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_org.key;
+ add_header Strict-Transport-Security max-age=31536000;
+ include /srv/dpaste.de/src/dpaste/server/nginx_server.conf;
 }
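Review bot: The added `'django.middleware.clickjacking.XFrameOptionsMiddleware'` entry relies on the framework default, because no `X_FRAME_OPTIONS` setting appears in this hunk; on Django releases that still read `MIDDLEWARE_CLASSES` that default is `SAMEORIGIN`, not `DENY`. If the site never frames its own pages, set `X_FRAME_OPTIONS = 'DENY'` next to the tuple and add a comment such as `# send X-Frame-Options on every response (clickjacking protection)` above the entry. The header does not cover forged cross-site form posts, and the context line `'dpaste.disable.DisableCSRF'` suggests CSRF checks are switched off, so that decision is worth documenting here as well. The `MIDDLEWARE_CLASSES` tuple opens above the hunk and the rest of settings.py is not visible, so the setting may already exist elsewhere.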
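Review bot: The new `add_header Strict-Transport-Security max-age=31536000;` line in this server block, and the identical line in the dpaste.org block at `@@ -34,5 +36,7 @@`, is only emitted on success and redirect responses; nginx skips `add_header` on 4xx/5xx unless the `always` parameter is given, so `add_header Strict-Transport-Security "max-age=31536000" always;` is the safer form on nginx 1.7.5 or later. nginx also stops inheriting `add_header` directives in any nested level that declares its own, so if `nginx_server.conf` (not visible here) has `location` blocks with `add_header`, those responses will lose HSTS unless the header is repeated there. A one-year `max-age` is cached by browsers as soon as it is served, so it is worth deploying with a short value first and raising it once HTTPS is confirmed to work for both hosts. Both `server` blocks open above their hunks.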