UseHsts not working with NetCore 2.1 Website

I followed the directions at Microsoft Documentation for configuring UseHsts, but when I hit my website, I do not see the Strict-Transport-Security header. I tried several variations on the configuration, but nothing seems to have any effect. Any ideas what I am missing?

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    services.AddHsts(options =>
    {
    });

    services.AddHttpsRedirection(options =>
    {
    });            
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseHsts();
    app.UseHttpsRedirection();
    app.UseMvc();
}

This is an image of the headers that I get in Chrome, but it looks the same in every other browser, as well.

Eric asked Aug 27 '18 21:08


1 Answer

UseHsts excludes the following loopback hosts:

  • localhost : The IPv4 loopback address.
  • 127.0.0.1 : The IPv4 loopback address.
  • [::1] : The IPv6 loopback address.

You could try to publish the web app and check the header Strict-Transport-Security.

Below is the result from publishing the site to Azure.

Edward answered Sep 20 '22 02:09
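
A simplified model of the per-request check behind the answer above, as an added example that is not part of the original post and not the ASP.NET Core source: the header is only produced for HTTPS requests whose host is not on the exclusion list. The `HstsModel` class, its method and the sample requests are constructed for illustration; 30 days is the documented default `MaxAge`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class HstsModel
{
    // The loopback hosts listed in the answer above.
    public static readonly string[] DefaultExcludedHosts = { "localhost", "127.0.0.1", "[::1]" };

    // Returns the Strict-Transport-Security value, or null when no header is sent.
    public static string HeaderFor(bool isHttps, string host, IEnumerable<string> excludedHosts,
                                   TimeSpan maxAge, bool includeSubDomains = false, bool preload = false)
    {
        // HSTS only applies to responses delivered over HTTPS.
        if (!isHttps) return null;

        // Excluded hosts are matched case-insensitively on the host name, without the port.
        if (excludedHosts.Any(h => string.Equals(h, host, StringComparison.OrdinalIgnoreCase)))
            return null;

        var value = "max-age=" + (long)maxAge.TotalSeconds;
        if (includeSubDomains) value += "; includeSubDomains";
        if (preload) value += "; preload";
        return value;
    }

    public static void Main()
    {
        // Constructed sample requests: (request is HTTPS?, host without port).
        var requests = new[]
        {
            (isHttps: true,  host: "localhost"),       // local debugging: excluded
            (isHttps: true,  host: "127.0.0.1"),       // excluded
            (isHttps: true,  host: "[::1]"),           // excluded
            (isHttps: false, host: "www.example.com"), // plain HTTP: no header
            (isHttps: true,  host: "www.example.com"), // published site: header sent
        };

        foreach (var r in requests)
        {
            var header = HeaderFor(r.isHttps, r.host, DefaultExcludedHosts, TimeSpan.FromDays(30));
            Console.WriteLine($"{(r.isHttps ? "https" : "http")}://{r.host} -> " +
                (header == null ? "(no header)" : "Strict-Transport-Security: " + header));
        }
    }
}
```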