diff --git a/content/administration/install/deploy.rst b/content/administration/install/deploy.rst
index 1e783cc53..12be54c81 100644
--- a/content/administration/install/deploy.rst
+++ b/content/administration/install/deploy.rst
@@ -334,6 +334,9 @@ in ``/etc/nginx/sites-enabled/odoo.conf`` set:
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Real-IP $remote_addr;
+
+      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+      proxy_cookie_flags session_id samesite=lax secure;  # requires nginx 1.19.8
     }
 
     # Redirect requests to odoo backend server
@@ -346,10 +349,8 @@ in ``/etc/nginx/sites-enabled/odoo.conf`` set:
       proxy_redirect off;
       proxy_pass http://odoo;
 
-      # Enable HSTS
       add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
-      # requires nginx 1.19.8
-      proxy_cookie_flags session_id samesite=lax secure;
+      proxy_cookie_flags session_id samesite=lax secure;  # requires nginx 1.19.8
     }
 
     # common gzip