HTTP Security Header Not Detected -443

Williams Padilla 41 Reputation points
2021-01-22T14:40:07.7+00:00

Hi everyone

Has anyone remedied this vulnerability? The "security team" have scanned and detected it.

The port is 443, IIS 10, WS2016 DC.

Thanks for suggestions



Accepted answer
  1. Michael Taylor 60,161 Reputation points
    2021-01-22T15:04:19.06+00:00

    Sounds like HSTS to me. HSTS is a browser-only security feature. Basically it says that once a site has transitioned to HTTPS it cannot transition back to HTTP. This is a security feature that prevents a malicious user from getting an otherwise HTTPS encrypted site to send data unencrypted via HTTP. HSTS prevents this at the browser level. It is recommended that HSTS be turned on for all HTTPS sites.

    To fix this you need to send the strict-transport-security header in all responses when using HTTPS. It is recommended that you use a third party library or OWIN middleware to handle this for you. Given your existing headers it appears you're using ASP.NET Webforms. Hanselman posted a blog article a long time ago on how to do this in ASP.NET. It would also work for ASP.NET MVC apps.

    IIS 10.0 seems to support it out of the box but I haven't tried that approach.

    OWIN-based apps have middleware to handle this so you can do it that way I believe. For ASP.NET Core it is supported out of the box using the approach given here.

    Once you've made the change then the header will be sent in any response from the server over HTTPS.
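The Global.asax approach the accepted answer refers to, written out here as an added example (it is not the page's or Hanselman's code). The max-age value, the includeSubDomains directive and the 301 redirect for plain-HTTP requests are my choices and should be adjusted to the site.

```csharp
// Global.asax.cs in an ASP.NET Web Forms project (added example).
using System;
using System.Web;

namespace HstsExample
{
    public class Global : HttpApplication
    {
        // One year is the value most scanners and the OWASP cheat sheet expect.
        // While validating, start with a short max-age (e.g. 300): a long value
        // cannot be "un-sent" to browsers that have already cached the policy.
        // Only keep includeSubDomains if every subdomain is reachable over HTTPS.
        private const string StsValue = "max-age=31536000; includeSubDomains";

        protected void Application_BeginRequest(object sender, EventArgs e)
        {
            HttpRequest request = HttpContext.Current.Request;
            HttpResponse response = HttpContext.Current.Response;

            // Note: behind a TLS-terminating load balancer IsSecureConnection is
            // false; in that case check the proxy's forwarded-proto header instead.
            if (request.IsSecureConnection)
            {
                // Browsers only honour Strict-Transport-Security on a TLS response
                // (RFC 6797 section 8.1), so emit it on HTTPS only. Scanners also
                // only look for it on port 443.
                response.Headers["Strict-Transport-Security"] = StsValue;
                return;
            }

            // Plain HTTP: send the client to the HTTPS equivalent so the first
            // HTTPS response can deliver the policy.
            var https = new UriBuilder(request.Url) { Scheme = Uri.UriSchemeHttps, Port = 443 };
            response.RedirectPermanent(https.Uri.AbsoluteUri, endResponse: true);
        }
    }
}
```

On Windows Server 2016 (IIS 10.0 version 1607) the native `<hsts>` site setting is not available; it arrived with IIS 10.0 version 1709, so on WS2016 the header has to come from application code like this or from a URL Rewrite outbound rule conditioned on `{HTTPS}` being `on`.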


2 additional answers

  1. Vicky Wang 2,736 Reputation points
    2021-01-25T08:52:58.097+00:00

    Hi,

    Just checking in to see if the information provided was helpful.
    Please let us know if you would like further assistance.

    Best Regards,
    Vicky


  2. Vicky Wang 2,736 Reputation points
    2021-01-27T09:26:02.077+00:00

    Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,
    Vicky

