diff --git a/templates/etc/nginx/conf.d/header.conf.j2 b/templates/etc/nginx/conf.d/header.conf.j2
index 4c5ee1f..2b76754 100644
--- a/templates/etc/nginx/conf.d/header.conf.j2
+++ b/templates/etc/nginx/conf.d/header.conf.j2
@@ -1,5 +1,8 @@
 # {{ ansible_managed }}
 # default header settings
+{% if nginx_tls_enabled and nginx_hsts_enabled %}
+add_header Strict-Transport-Security{% if nginx_hsts_options %} "{{ nginx_hsts_options | join("; ") }}{% endif %};
+{% endif %}
 add_header X-Frame-Options DENY;
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
diff --git a/templates/etc/nginx/nginx.conf.j2 b/templates/etc/nginx/nginx.conf.j2
index d7af0f1..bbf6495 100644
--- a/templates/etc/nginx/nginx.conf.j2
+++ b/templates/etc/nginx/nginx.conf.j2
@@ -1,3 +1,4 @@
+#jinja2: lstrip_blocks: True
 # {{ ansible_managed }}
 user {{ nginx_user }} {{ nginx_group }};
 worker_processes {{ nginx_worker_processes }};
@@ -16,12 +17,12 @@ http { '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; - {% if nginx_error_log.enabled %} + {% if nginx_error_log.enabled %} error_log {{ nginx_error_log.file }} {{ nginx_error_log.level }}; {% else %} error_log off; {% endif %} - {% if nginx_access_log.enabled %} + {% if nginx_access_log.enabled %} access_log {{ nginx_access_log.file }} {{ nginx_access_log.format }}; {% else %} access_log off;
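Review bot: In templates/etc/nginx/conf.d/header.conf.j2 the added `add_header Strict-Transport-Security` line opens a double quote inside the `{% if nginx_hsts_options %}` branch and, as shown, never closes it, so the rendered directive would carry an unterminated string. When `nginx_hsts_options` is empty the line renders as `add_header Strict-Transport-Security;`, which has no value, and an HSTS policy without `max-age` is not valid under RFC 6797 in any case. I would fold the options test into the outer condition (`{% if nginx_tls_enabled and nginx_hsts_enabled and nginx_hsts_options %}`) and emit `add_header Strict-Transport-Security "{{ nginx_hsts_options | join('; ') }}" always;`, where `always` keeps the header on error responses that add_header otherwise skips. Where this file is included is not visible here, but nginx stops inheriting add_header directives in any server or location block that declares its own, so it is worth confirming the header actually reaches TLS responses and validating the rendered file with `nginx -t`.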