The strict transport security header is an excellent feature that strengthens the implementation of TLS (Transport Level Security) by getting the User Agent and forcing it to use HTTPS. We can add the strict transport security header by adding the following middleware to our Configure method of the Startup class:

app.UseHsts(options => options.MaxAge(days:365).IncludeSubdomains());

This middleware enforces your site so that it can only be accessed over HTTPS for a year. This applies to subdomains as well.