/// <summary> /// Add Strict-Transport-Security max-age=0 to all requests. /// Tells the user-agent to remove, or not cache the host in the STS cache /// </summary> /// <param name="policies">The collection of policies</param> /// <returns>The <see cref="HeaderPolicyCollection"/> for method chaining</returns> public static HeaderPolicyCollection AddStrictTransportSecurityNoCache(this HeaderPolicyCollection policies) { return(policies.AddStrictTransportSecurity(0, includeSubdomains: false, preload: false, _excludedHosts)); }
/// <summary> /// Add Strict-Transport-Security max-age=<see paramref="maxAge"/>; includeSubDomains to all requests. /// Tells the user-agent to cache the domain in the STS list for the number of seconds provided and include any sub-domains. Additionally, enable preloading of the site in the HSTS preload list /// /// WARNING:Sending the preload directive from your site can have PERMANENT CONSEQUENCES and prevent users from accessing your site and any of its subdomains if you find you need to switch back to HTTP. /// </summary> /// <param name="policies">The collection of policies</param> /// <param name="maxAgeInSeconds">The maximum number of seconds to cache the domain</param> /// <returns>The <see cref="HeaderPolicyCollection"/> for method chaining</returns> public static HeaderPolicyCollection AddStrictTransportSecurityMaxAgeIncludeSubDomainsAndPreload(this HeaderPolicyCollection policies, int maxAgeInSeconds = StrictTransportSecurityHeader.OneYearInSeconds) { return(policies.AddStrictTransportSecurity(maxAgeInSeconds, includeSubdomains: true, preload: true, _excludedHosts)); }