Context
`Program.cs` (Web) currently uses the default `UseHsts()`, which applies a 30-day max-age with no `includeSubDomains`.
Target State
Explicit 1-year max-age with `includeSubDomains` and `Preload`.
Implementation
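Add to `Program.cs` (Web):
```csharp
builder.Services.AddHsts(options =>
{
    // One year (31536000 seconds) instead of the 30-day default.
    options.MaxAge = TimeSpan.FromDays(365);
    // Apply the policy to every subdomain of the host as well.
    options.IncludeSubDomains = true;
    // Emit the preload directive; list submission is a separate step.
    options.Preload = true;
});
```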
After a stable deployment, consider submitting the domain to the HSTS preload list.
Priority
Low