What is the difference between UseHttpsRedirection and UseHsts
Someone asked on Stack Overflow:
I don’t quite get the difference between UseHsts and UseHttpsRedirection in the configure section of the startup file in .net core. Could anyone explain?
I posted the following answer, which was chosen as the accepted answer and received 49 upvotes:
According to the documentation you should use both together:
We recommend all production ASP.NET Core web apps call:
- The HTTPS Redirection Middleware (UseHttpsRedirection) to redirect all HTTP requests to HTTPS.
- UseHsts, HTTP Strict Transport Security Protocol (HSTS).
The .UseHttpsRedirection() will issue HTTP response codes redirecting from http to https. The .UseHsts() will add the HSTS response header which the client is supposed to obey.
Notable comments
Nate (2 upvotes): They do not block incoming requests. UseHttpsRedirection should issue a redirect from http to https. UseHsts is a header to remind the browser that when they come back to this site, skip the initial http request, and go directly to https. If you want to block http completely, you’d need to do that on your host (iis, apache, etc).
Originally posted on Stack Overflow — 49 upvotes (accepted answer). Licensed under CC BY-SA.
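To make the division of labour concrete, here is an added example (not part of the Stack Overflow answer or the ASP.NET Core code base) that models the client side: a simplified browser HSTS cache and one navigation against a constructed server that redirects HTTP to HTTPS and sends the HSTS header on HTTPS responses. The names `HstsStore` and `navigate`, the host `app.example.test`, and the `max-age` value are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

class HstsStore:
    """Simplified model of a browser's HSTS cache (RFC 6797); explicit ports not handled."""
    def __init__(self):
        self._hosts = {}  # host -> (expiry time, includeSubDomains)

    def note_response(self, url, headers, now):
        """Store the policy from a response; a header seen over plain HTTP is ignored."""
        parts = urlsplit(url)
        value = headers.get("Strict-Transport-Security")
        if parts.scheme != "https" or value is None:
            return
        max_age, subdomains = None, False
        for directive in value.split(";"):
            name, _, arg = directive.strip().partition("=")
            if name.lower() == "max-age" and arg.strip('"').isdigit():
                max_age = int(arg.strip('"'))
            elif name.lower() == "includesubdomains":
                subdomains = True
        if max_age is None:
            return  # no usable max-age: not a valid policy
        if max_age == 0:
            self._hosts.pop(parts.hostname, None)  # max-age=0 removes the entry
        else:
            self._hosts[parts.hostname] = (now + max_age, subdomains)

    def rewrite(self, url, now):
        """Return the URL the browser really requests: http becomes https for known hosts."""
        parts = urlsplit(url)
        labels = (parts.hostname or "").split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            # Exact host always matches; a parent domain only with includeSubDomains.
            if parts.scheme == "http" and entry and entry[0] > now and (i == 0 or entry[1]):
                return urlunsplit(("https",) + tuple(parts[1:]))
        return url

def navigate(store, url, now):
    """One navigation against a constructed server that redirects HTTP to HTTPS
    (the job of UseHttpsRedirection) and sends HSTS on HTTPS responses (UseHsts).
    Returns every URL that went on the wire."""
    wire = [store.rewrite(url, now)]
    if wire[0].startswith("http://"):
        # The plaintext request was sent; the server answers with a redirect to HTTPS.
        wire.append("https://" + wire[0][len("http://"):])
    store.note_response(wire[-1], {"Strict-Transport-Security": "max-age=2592000"}, now)
    return wire
```

The first navigation to an `http://` URL still sends one plaintext request before the redirect; only later navigations, while the cached policy is unexpired, start on HTTPS.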