HTTP Strict Transport Security (HSTS) is an important aspect of web security.
IdentityServer3 provides a configuration option to include the HSTS headers in all of its HTTP responses.
To enable it, use the UseHsts extension method on the IAppBuilder in your OWIN configuration:
// Include the HSTS header in IdentityServer's HTTP responses.
public void Configuration(IAppBuilder app) { app.UseHsts(); }
If you wish to set the expiration, UseHsts has overloads that accept an int for the number of days, or a TimeSpan for a custom duration. A value of TimeSpan.Zero can be used to purge the HSTS browser cache. The default expiration is
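
To confirm what a deployment actually sends, the following added example (not IdentityServer3 code) parses a Strict-Transport-Security header value and reports whether it is invalid, purges the browser's HSTS entry, or is active for a number of days. It relies on RFC 6797, where max-age is expressed in seconds; the function names and the sample header values are hypothetical and constructed for illustration.

```python
import re
from datetime import timedelta

# RFC 6797 section 6.1: directives are separated by ";", names are
# case-insensitive, and a value may be a token or a quoted string.
_DIRECTIVE = re.compile(
    r'''^([!#$%&'*+.^_`|~0-9A-Za-z-]+)(?:\s*=\s*("?)([^";]*)\2)?$''')

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value.

    Returns a dict keyed by lower-cased directive name, or None when the
    header is malformed and a browser would ignore it.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                 # empty directives are permitted
            continue
        m = _DIRECTIVE.match(part)
        if m is None:
            return None
        name = m.group(1).lower()
        if name in directives:       # a repeated directive invalidates it
            return None
        directives[name] = m.group(3)
    max_age = directives.get("max-age")
    if not max_age or not (max_age.isascii() and max_age.isdigit()):
        return None                  # max-age is required and numeric
    directives["max-age"] = int(max_age)
    return directives

def describe(value):
    """Classify a header value as 'invalid', 'purge' or 'active:<days>d'."""
    parsed = parse_hsts(value)
    if parsed is None:
        return "invalid"
    if parsed["max-age"] == 0:       # zero expiration clears the HSTS entry
        return "purge"
    return "active:%dd" % timedelta(seconds=parsed["max-age"]).days

if __name__ == "__main__":
    # Constructed sample header values, not captured from a real server.
    for sample in ("max-age=31536000; includeSubDomains",
                   "max-age=0",
                   "includeSubDomains",
                   "max-age=60; max-age=120"):
        print("%-40s -> %s" % (sample, describe(sample)))
```

A "purge" result on a production endpoint is worth alerting on, since it removes the HTTPS-only pin from every browser that receives it.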