web analytics

Security Headers in ASP.NET

@2021-08-04 20:47:50


If you haven't implemented HTTPS on your website, you should. After doing so, you can prevent any communication happening over HTTP using the Strict-Transport-Security header:

      <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />

The max-age value tells browsers to use this setting for the specified number of seconds. In this case a year. The includeSubDomains part can be excluded, if you are hosting non-HTTPS websites on subdomains


You must Sign In to comment on this topic.

© 2022 Digcode.com