UseHsts not working with NetCore 2.1 Website

Question

I followed the directions at Microsoft Documentation for configuring UseHsts, but when I hit my website, I do not see the Strict-Transport-Security header. I tried several variations on the configuration, but nothing seems to have any affect. Any ideas what I am missing?

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    services.AddHsts(options =>
    {
    });

    services.AddHttpsRedirection(options =>
    {
    });            
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseHsts();
    app.UseHttpsRedirection();
    app.UseMvc();
}

This is an image of the headers that I get in Chrome, but it looks the same in every other browser, as well.

Answer 1

UseHsts excludes the following loopback hosts:

• localhost : The IPv4 loopback address.
• 127.0.0.1 : The IPv4 loopback address.
• [::1] : The IPv6 loopback address.

You could try to publish the web app and check the header Strict-Transport-Security.

Below is the result from publishing the site to Azure.