SSL is a fabulous tool for encrypting your HTTP sessions and it is becoming cheaper every single day. However there are still some possible attack vectors even if your site uses HTTPS. In this episode we'll take a look at the HTTPS Strict Transport Security (HSTS) headers and how you can set them up to close one of the loopholes in SSL.
Links!
Andrew Lock on ASP.NET Core Security Headers