diff --git a/config/prod.exs b/config/prod.exs
index 6d1269e..51a307b 100644
--- a/config/prod.exs
+++ b/config/prod.exs
@@ -5,7 +5,11 @@ import Config
 # manifest is generated by the `mix assets.deploy` task,
 # which you should run after static files are built and
 # before starting your production server.
-config :berrypod, BerrypodWeb.Endpoint, cache_static_manifest: "priv/static/cache_manifest.json"
+config :berrypod, BerrypodWeb.Endpoint,
+  cache_static_manifest: "priv/static/cache_manifest.json",
+  # HSTS tells browsers to always use HTTPS for this domain (1 year, include subdomains)
+  # This must be set at compile time, not runtime
+  force_ssl: [hsts: true, rewrite_on: [:x_forwarded_proto]]
 
 # Configures Swoosh API Client
 config :swoosh, api_client: Swoosh.ApiClient.Req
diff --git a/config/runtime.exs b/config/runtime.exs
index 477fff0..f95a858 100644
--- a/config/runtime.exs
+++ b/config/runtime.exs
@@ -64,9 +64,7 @@ if config_env() == :prod do
       ip: {0, 0, 0, 0, 0, 0, 0, 0},
       port: port
     ],
-    secret_key_base: secret_key_base,
-    # HSTS tells browsers to always use HTTPS for this domain (1 year, include subdomains)
-    force_ssl: [hsts: true, rewrite_on: [:x_forwarded_proto]]
+    secret_key_base: secret_key_base
 
   # ## SSL Support
   #