diff --git a/manifests/init.pp b/manifests/init.pp
index 21b3b952f..783d80486 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -203,6 +203,7 @@
 #
 # $dynflow_pool_size::          How many workers should Dynflow use
 #
+# $disable_hsts::               Disable HSTS enforcement in https requests
 class foreman (
   Stdlib::HTTPUrl $foreman_url = $::foreman::params::foreman_url,
   Boolean $puppetrun = $::foreman::params::puppetrun,
@@ -298,6 +299,7 @@
   Optional[String] $email_smtp_user_name = $::foreman::params::email_smtp_user_name,
   Optional[String] $email_smtp_password = $::foreman::params::email_smtp_password,
   Integer[0, 65535] $dynflow_pool_size = $::foreman::params::dynflow_pool_size,
+  Boolean $disable_hsts = $::foreman::params::disable_hsts,
 ) inherits foreman::params {
   if $db_adapter == 'UNSET' {
     $db_adapter_real = $::foreman::db_type ? {
diff --git a/manifests/params.pp b/manifests/params.pp
index 688a95fd7..8e9a5d535 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -96,6 +96,8 @@
   # Configure how many workers should Dynflow use
   $dynflow_pool_size = 5
 
+  $disable_hsts = false
+
   # OS specific paths
   case $::osfamily {
     'RedHat': {
diff --git a/spec/classes/foreman_config_spec.rb b/spec/classes/foreman_config_spec.rb
index cc63e03e8..ba44b5445 100644
--- a/spec/classes/foreman_config_spec.rb
+++ b/spec/classes/foreman_config_spec.rb
@@ -31,6 +31,7 @@
             with_content(%r{^:ssl_priv_key:\s*/var/lib/puppet/ssl/private_keys/foo\.example\.com\.pem$}).
             with_content(/^:logging:\n\s*:level:\s*info$/).
             with_content(/^:dynflow:\n\s*:pool_size:\s*5$/).
+            with_content(/^:disable_hsts:\s*false$/).
             with({})
 
           should contain_concat('/etc/foreman/settings.yaml').with({
diff --git a/templates/settings.yaml.erb b/templates/settings.yaml.erb
index ccf0429c8..2adb7b323 100644
--- a/templates/settings.yaml.erb
+++ b/templates/settings.yaml.erb
@@ -30,6 +30,9 @@
 :ssl_ca_file: <%= scope.lookupvar("foreman::client_ssl_ca") %>
 :ssl_priv_key: <%= scope.lookupvar("foreman::client_ssl_key") %>
 
+# HSTS setting
+:disable_hsts: <%= scope.lookupvar("foreman::disable_hsts") %>
+
 # Log settings for the current environment can be adjusted by adding them
 # here. For example, if you want to increase the log level.
 :logging: