diff --git a/nginx.tmpl b/nginx.tmpl
index bdb2de8..39e38f7 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -263,7 +263,7 @@ server {
 	{{ end }}
 
 	{{ if (and (ne $https_method "noredirect") (ne $hsts "off")) }}
-	add_header Strict-Transport-Security "{{ trim $hsts }}";
+	add_header Strict-Transport-Security "{{ trim $hsts }}" always;
 	{{ end }}
 
 	{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
diff --git a/test/requirements/web/webserver.py b/test/requirements/web/webserver.py
index 305c207..9334657 100755
--- a/test/requirements/web/webserver.py
+++ b/test/requirements/web/webserver.py
@@ -1,28 +1,35 @@
 #!/usr/bin/env python3
 
-import os, sys
+import os, sys, re
 import http.server
 import socketserver
 
-
 class Handler(http.server.SimpleHTTPRequestHandler):
     def do_GET(self):
-        
-        self.send_response(200)
+
+        response_body = ""
+        response_code = 200
+
+        if self.path == "/headers":
+            response_body += self.headers.as_string()
+        elif self.path == "/port":
+            response_body += "answer from port %s\n" % PORT
+        elif re.match("/status/(\d+)", self.path):
+            result = re.match("/status/(\d+)", self.path)
+            response_code = int(result.group(1))
+            response_body += "answer with response code %s\n" % response_code
+        elif self.path == "/":
+            response_body += "I'm %s\n" % os.environ['HOSTNAME']
+        else:
+            response_body += "No route for this path!\n"
+            response_code = 404
+
+        self.send_response(response_code)
         self.send_header("Content-Type", "text/plain")
         self.end_headers()
 
-        if self.path == "/headers":
-            self.wfile.write(self.headers.as_string().encode())
-        elif self.path == "/port":
-            response = "answer from port %s\n" % PORT
-            self.wfile.write(response.encode())
-        elif self.path == "/":
-            response = "I'm %s\n" % os.environ['HOSTNAME']
-            self.wfile.write(response.encode())
-        else:
-            self.wfile.write("No route for this path!\n".encode())
-
+        if (len(response_body)):
+            self.wfile.write(response_body.encode())
 
 if __name__ == '__main__':
     PORT = int(sys.argv[1])
diff --git a/test/test_ssl/test_hsts.py b/test/test_ssl/test_hsts.py
index 180f274..554d79a 100644
--- a/test/test_ssl/test_hsts.py
+++ b/test/test_ssl/test_hsts.py
@@ -7,6 +7,13 @@ def test_web1_HSTS_default(docker_compose, nginxproxy):
     assert "Strict-Transport-Security" in r.headers
     assert "max-age=31536000" == r.headers["Strict-Transport-Security"]
 
+# Regression test to ensure HSTS is enabled even when the upstream sends an error in response
+# Issue #1073 https://github.com/jwilder/nginx-proxy/pull/1073
+def test_web1_HSTS_error(docker_compose, nginxproxy):
+    r = nginxproxy.get("https://web1.nginx-proxy.tld/status/500", allow_redirects=False)
+    assert "Strict-Transport-Security" in r.headers
+    assert "max-age=31536000" == r.headers["Strict-Transport-Security"]
+
 def test_web2_HSTS_off(docker_compose, nginxproxy):
     r = nginxproxy.get("https://web2.nginx-proxy.tld/port", allow_redirects=False)
     assert "answer from port 81\n" in r.text