Use HSTS and HTTPS Redirection

HSTS is supported by most browsers. Chrome and Mozilla Firefox maintain an HSTS preload list that automatically informs the browser that the website can only be accessed through HTTPS. A webmaster can add a website to the preloaded HSTS list by adding the “preload” parameter to the header and then submitting the domain to the list.

In GrandNode you are able to use HSTS by enabling it in appsettings.json file. 

You can do it by editing appsettings.json file and adding True instead of False value: 

//HTTP Strict Transport Security Protocol
"UseHsts": false,

If you want to use SSL on many pages, you need to also enable following setting, just set is as True.

//We recommend all ASP.NET Core web apps call HTTPS Redirection Middleware to redirect all HTTP requests to HTTPS
"UseHttpsRedirection": false,

back to top