https Tutorial => HSTS Header

Example

Strict-Transport-Security: max-age=31536000; includeSubDomains

Strict-Transport-Security is a promise to the browser that all future requests to this domain will be secure.
For the future time period max-age:

All outgoing HTTP requests from the browser will be converted to HTTPS on the client (not an HTTP redirect).
If the certificate is invalid (e.g. outdated or self-singed), the user will be unable to white-list it and the site will remain inaccessible.

HSTS behavior is meant to eliminate Man-in-the-Middle attacks that use HTTPS stripping, issuing of invalid certificates (and expecting the user to add and exception), and redirecting on HTTP requests to another destination.

PDF - Download https for free

Previous Next

https

Fastest Entity Framework Extensions

Example

Got any https Question?

https

https HTTP Strict Transport Security (HSTS) HSTS Header

Fastest Entity Framework Extensions

Example

Got any https Question?