301status code and will include the URL and query string. The redirect will only fire for
GETHTTP requests since redirecting a form
POSTwould lose the form fields (request body).
Strict-Transport-Securityheader to your site. This instructs the browser to automatically use HTTPS every time the user visits your site again. With an HSTS header, once your browser has cached the fact that you want HTTPS to always be used, even if the user just types your domain and hits enter, the browser will change it over to HTTPS before sending the request. This prevents having an initial HTTP request before the redirect kicks in.
falsefor this setting.
web.SSL.HSTS.enablesetting is required. The rest are optional.