The Monsters Weekly - Episode 64 - HTTPS Strict Transport Security

SSL is a fabulous tool for encrypting your HTTP sessions and it is becoming cheaper every single day. However there are still some possible attack vectors even if your site uses HTTPS. In this episode we'll take a look at the HTTPS Strict Transport Security (HSTS) headers and how you can set them up to close one of the loopholes in SSL.



OWASP cheat sheet on HSTS

HSTS Preload List

Andrew Lock on ASP.NET Core Security Headers