---
title: "Why is use of UseHsts() in .NET Core applications?"  
description: "Why is use of UseHsts() in .NET Core applications?"  
author: "Manish Sharma"  
published: 2026-07-16  
updated: 2026-07-16  
canonical: https://answers.mindstick.com/qa/116970/why-is-use-of-usehsts-in-dot-net-core-applications  
category: "asp.net"  
tags: ["asp.net", ".net programming"]  
reading_time: 2 minutes  

---

# Why is use of UseHsts() in .NET Core applications?

## Why is use of UseHsts() in .NET Core applications?

## Answers

### Answer by Anubhav Sharma

> `UseHsts()` tells the **browser to always use a secure (HTTPS) connection** when visiting your website.

### Real-life analogy

Imagine your bank has a rule:

> ## "For your safety, always enter through the main security gate. Never use the back door."

The first time you visit, the bank informs you of this rule.

After that, you remember it and **always use the secure entrance**.

`UseHsts()` works the same way.

- The **secure entrance** = HTTPS
- The **unsafe entrance** = HTTP
- The **browser remembers the rule** = HSTS (HTTP Strict Transport Security)

## Without `UseHsts()`

A user types:

```plaintext
http://example.com
```

The browser first tries an **unsecured HTTP connection**.

Then the server redirects the user to:

```plaintext
https://example.com
```

Although the redirect works, that initial HTTP request could potentially be intercepted.

## With `UseHsts()`

On the first secure visit, the server tells the browser:

> "From now on, always use HTTPS for this website."

The browser remembers this.

Next time, if the user types:

```plaintext
http://example.com
```

the browser **automatically changes it to**:

```plaintext
https://example.com
```

before sending the request.

This avoids making an insecure HTTP request.

## Simple Example

```plaintext
// Enable HSTS for the application
app.UseHsts();
```

### What happens?

- A user visits your website using HTTPS.
- The server sends an HSTS header to the browser.
- The browser saves this rule.
- On future visits, the browser always uses HTTPS automatically.

## Why is `UseHsts()` Important?

- Keeps user data secure.
- Prevents users from accidentally using HTTP.
- Protects against certain network attacks that rely on insecure connections.
- Makes your website more secure by enforcing HTTPS.

## In One Sentence

> `UseHsts()` **tells the browser, "Always connect to this website using HTTPS, never HTTP," making future visits more secure.**

## Key Points

- `UseHsts()` enables **HTTP Strict Transport Security (HSTS)**.
- It instructs browsers to use **HTTPS only** for future requests.
- It helps protect against attacks that exploit insecure HTTP connections.
- It works **after the browser has visited the site securely at least once**.
- It is typically enabled **only in Production**, not during Development.


---

Original Source: https://answers.mindstick.com/qa/116970/why-is-use-of-usehsts-in-dot-net-core-applications

Copyright © MindStick Software Pvt. Ltd. This Markdown version is provided for developers, AI systems, and offline reading.
