diff --git a/OwaspHeaders.Core-Logo-small.png b/OwaspHeaders.Core-Logo-small.png
deleted file mode 100644
index 40d5c31..0000000
Binary files a/OwaspHeaders.Core-Logo-small.png and /dev/null differ
diff --git a/OwaspHeaders.Core-Logo.png b/OwaspHeaders.Core-Logo.png
deleted file mode 100644
index 3accd1e..0000000
Binary files a/OwaspHeaders.Core-Logo.png and /dev/null differ
diff --git a/OwaspHeaders.Core.Tests/CustomHeaders/CacheControlHeaderOptionsTests.cs b/OwaspHeaders.Core.Tests/CustomHeaders/CacheControlHeaderOptionsTests.cs
index 351ff59..4fbb1ae 100644
--- a/OwaspHeaders.Core.Tests/CustomHeaders/CacheControlHeaderOptionsTests.cs
+++ b/OwaspHeaders.Core.Tests/CustomHeaders/CacheControlHeaderOptionsTests.cs
@@ -2,7 +2,6 @@
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
-using OwaspHeaders.Core;
using OwaspHeaders.Core.Extensions;
using Xunit;
diff --git a/OwaspHeaders.Core.Tests/CustomHeaders/ContentSecurityPolicyOptionsTests.cs b/OwaspHeaders.Core.Tests/CustomHeaders/ContentSecurityPolicyOptionsTests.cs
index cad9aa6..36a3450 100644
--- a/OwaspHeaders.Core.Tests/CustomHeaders/ContentSecurityPolicyOptionsTests.cs
+++ b/OwaspHeaders.Core.Tests/CustomHeaders/ContentSecurityPolicyOptionsTests.cs
@@ -1,5 +1,4 @@
using System.Threading.Tasks;
-using OwaspHeaders.Core;
using OwaspHeaders.Core.Enums;
using OwaspHeaders.Core.Extensions;
using Xunit;
diff --git a/OwaspHeaders.Core.Tests/CustomHeaders/CrossOriginOptionsTests.cs b/OwaspHeaders.Core.Tests/CustomHeaders/CrossOriginOptionsTests.cs
index a2398bf..b622af2 100644
--- a/OwaspHeaders.Core.Tests/CustomHeaders/CrossOriginOptionsTests.cs
+++ b/OwaspHeaders.Core.Tests/CustomHeaders/CrossOriginOptionsTests.cs
@@ -1,5 +1,4 @@
using System.Threading.Tasks;
-using OwaspHeaders.Core;
using OwaspHeaders.Core.Extensions;
using OwaspHeaders.Core.Models;
using Xunit;
diff --git a/OwaspHeaders.Core.Tests/CustomHeaders/ExpectCtOptionsTests.cs b/OwaspHeaders.Core.Tests/CustomHeaders/ExpectCtOptionsTests.cs
index ccb7cba..a459fed 100644
--- a/OwaspHeaders.Core.Tests/CustomHeaders/ExpectCtOptionsTests.cs
+++ b/OwaspHeaders.Core.Tests/CustomHeaders/ExpectCtOptionsTests.cs
@@ -1,5 +1,4 @@
using System.Threading.Tasks;
-using OwaspHeaders.Core;
using OwaspHeaders.Core.Extensions;
using Xunit;
diff --git a/OwaspHeaders.Core.Tests/CustomHeaders/PermittedCrossDomainPoliciesOptionsTests.cs b/OwaspHeaders.Core.Tests/CustomHeaders/PermittedCrossDomainPoliciesOptionsTests.cs
index d605d4a..a817c08 100644
--- a/OwaspHeaders.Core.Tests/CustomHeaders/PermittedCrossDomainPoliciesOptionsTests.cs
+++ b/OwaspHeaders.Core.Tests/CustomHeaders/PermittedCrossDomainPoliciesOptionsTests.cs
@@ -1,5 +1,4 @@
using System.Threading.Tasks;
-using OwaspHeaders.Core;
using OwaspHeaders.Core.Extensions;
using Xunit;
diff --git a/OwaspHeaders.Core.Tests/CustomHeaders/ReferrerPolicyOptionsTests.cs b/OwaspHeaders.Core.Tests/CustomHeaders/ReferrerPolicyOptionsTests.cs
index aca1cb2..9e246e7 100644
--- a/OwaspHeaders.Core.Tests/CustomHeaders/ReferrerPolicyOptionsTests.cs
+++ b/OwaspHeaders.Core.Tests/CustomHeaders/ReferrerPolicyOptionsTests.cs
@@ -1,5 +1,4 @@
using System.Threading.Tasks;
-using OwaspHeaders.Core;
using OwaspHeaders.Core.Extensions;
using Xunit;
diff --git a/OwaspHeaders.Core.Tests/CustomHeaders/SecureHeadersTests.cs b/OwaspHeaders.Core.Tests/CustomHeaders/SecureHeadersTests.cs
index 4367a36..79af584 100644
--- a/OwaspHeaders.Core.Tests/CustomHeaders/SecureHeadersTests.cs
+++ b/OwaspHeaders.Core.Tests/CustomHeaders/SecureHeadersTests.cs
@@ -2,7 +2,6 @@
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
-using OwaspHeaders.Core;
using OwaspHeaders.Core.Models;
using Xunit;
diff --git a/OwaspHeaders.Core.Tests/CustomHeaders/StrictTransportSecurityOptionsTests.cs b/OwaspHeaders.Core.Tests/CustomHeaders/StrictTransportSecurityOptionsTests.cs
index 2ff619a..a980679 100644
--- a/OwaspHeaders.Core.Tests/CustomHeaders/StrictTransportSecurityOptionsTests.cs
+++ b/OwaspHeaders.Core.Tests/CustomHeaders/StrictTransportSecurityOptionsTests.cs
@@ -1,5 +1,4 @@
using System.Threading.Tasks;
-using OwaspHeaders.Core;
using OwaspHeaders.Core.Extensions;
using Xunit;
@@ -21,7 +20,7 @@ public async Task When_UseHstsCalled_Header_Is_Present()
// assert
Assert.True(headerPresentConfig.UseHsts);
Assert.True(_context.Response.Headers.ContainsKey(Constants.StrictTransportSecurityHeaderName));
- Assert.Equal("max-age=63072000;includeSubDomains",
+ Assert.Equal("max-age=31536000;includeSubDomains",
_context.Response.Headers[Constants.StrictTransportSecurityHeaderName]);
}
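Review bot: The assertion on `"max-age=31536000;includeSubDomains"` pins only the default, so a regression in how a caller-supplied `maxAge` reaches the header would go unnoticed unless a test outside this hunk covers it. A companion case that calls `UseHsts` with explicit arguments (for example `maxAge: 600`, an illustrative value) and asserts the emitted header would close that gap. A short comment above the assertion, `// 31536000 s = 365 days, the OWASP recommended HSTS max-age`, would also explain the literal to the next reader. The test method starts above the hunk, so its arrange and act steps are not visible here.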
diff --git a/OwaspHeaders.Core.Tests/CustomHeaders/XContextTypeOptionsTests.cs b/OwaspHeaders.Core.Tests/CustomHeaders/XContextTypeOptionsTests.cs
index fd6005b..4d25c0c 100644
--- a/OwaspHeaders.Core.Tests/CustomHeaders/XContextTypeOptionsTests.cs
+++ b/OwaspHeaders.Core.Tests/CustomHeaders/XContextTypeOptionsTests.cs
@@ -1,5 +1,4 @@
using System.Threading.Tasks;
-using OwaspHeaders.Core;
using OwaspHeaders.Core.Extensions;
using Xunit;
diff --git a/OwaspHeaders.Core.Tests/CustomHeaders/XFrameOptionsTests.cs b/OwaspHeaders.Core.Tests/CustomHeaders/XFrameOptionsTests.cs
index 2e51867..c44e47e 100644
--- a/OwaspHeaders.Core.Tests/CustomHeaders/XFrameOptionsTests.cs
+++ b/OwaspHeaders.Core.Tests/CustomHeaders/XFrameOptionsTests.cs
@@ -1,5 +1,4 @@
using System.Threading.Tasks;
-using OwaspHeaders.Core;
using OwaspHeaders.Core.Extensions;
using Xunit;
diff --git a/OwaspHeaders.Core.Tests/CustomHeaders/XRemovePoweredByOptions.cs b/OwaspHeaders.Core.Tests/CustomHeaders/XRemovePoweredByOptions.cs
index ff294d9..b637135 100644
--- a/OwaspHeaders.Core.Tests/CustomHeaders/XRemovePoweredByOptions.cs
+++ b/OwaspHeaders.Core.Tests/CustomHeaders/XRemovePoweredByOptions.cs
@@ -1,5 +1,4 @@
using System.Threading.Tasks;
-using OwaspHeaders.Core;
using OwaspHeaders.Core.Extensions;
using Xunit;
diff --git a/OwaspHeaders.Core.Tests/CustomHeaders/XssProtectionOptionTests.cs b/OwaspHeaders.Core.Tests/CustomHeaders/XssProtectionOptionTests.cs
index 7e99f4f..376e08d 100644
--- a/OwaspHeaders.Core.Tests/CustomHeaders/XssProtectionOptionTests.cs
+++ b/OwaspHeaders.Core.Tests/CustomHeaders/XssProtectionOptionTests.cs
@@ -1,5 +1,4 @@
using System.Threading.Tasks;
-using OwaspHeaders.Core;
using OwaspHeaders.Core.Extensions;
using Xunit;
diff --git a/OwaspHeaders.Core.Tests/RegressionTests/CspRegressionTests.cs b/OwaspHeaders.Core.Tests/RegressionTests/CspRegressionTests.cs
index 74b883c..a507a5d 100644
--- a/OwaspHeaders.Core.Tests/RegressionTests/CspRegressionTests.cs
+++ b/OwaspHeaders.Core.Tests/RegressionTests/CspRegressionTests.cs
@@ -4,7 +4,6 @@
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
-using OwaspHeaders.Core;
using OwaspHeaders.Core.Enums;
using OwaspHeaders.Core.Extensions;
using OwaspHeaders.Core.Models;
diff --git a/README-NuGet.md b/README-NuGet.md
index 2df7aba..69b84ba 100644
--- a/README-NuGet.md
+++ b/README-NuGet.md
@@ -35,7 +35,7 @@ The following is an example of the response headers from version 9.0.0 (taken on
content-security-policy: script-src 'self';object-src 'self';block-all-mixed-content;upgrade-insecure-requests;
cross-origin-resource-policy: same-origin
referrer-policy: no-referrer
- strict-transport-security: max-age=63072000;includeSubDomains
+ strict-transport-security: max-age=31536000;includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-permitted-cross-domain-policies: none;
diff --git a/README.md b/README.md
index 05ed58c..a6efdb6 100644
--- a/README.md
+++ b/README.md
@@ -49,7 +49,7 @@ The following is an example of the response headers from version 9.0.0 (taken on
content-security-policy: script-src 'self';object-src 'self';block-all-mixed-content;upgrade-insecure-requests;
cross-origin-resource-policy: same-origin
referrer-policy: no-referrer
- strict-transport-security: max-age=63072000;includeSubDomains
+ strict-transport-security: max-age=31536000;includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-permitted-cross-domain-policies: none;
diff --git a/changelog.md b/changelog.md
index d7b7407..8537938 100644
--- a/changelog.md
+++ b/changelog.md
@@ -22,6 +22,10 @@ This version dropped support for .NET 6 and .NET 7, as they are no longer suppor
All projects in the [GitHub repo](https://github.com/GaProgMan/OwaspHeaders.Core) now build and run with either .NET 8 or .NET 9, whichever is present (deferring to the highest version number if both are present). As of November 19th, 2024 there are no new features in Version 9, so if you still need to use the NuGet package with .NET 6 or 7 please use Version 8 of the package.
+#### Version 9.1
+
+The `max-age` value for the Strict-Transport-Security (HSTS) header was updated to the OWASP recommended value of 31536000 (365 days).
+
### Version 8
This version dropped support for support for ASP .NET Core on .NET Framework workflows. This means that, from version 8 onwards, this package will no longer with with .NET Framework workloads. This decision was made as Microsoft have dropped support for ASP .NET Core on .NET Framework workloads. This can be seen in the ASP .NET Core support documentation [here](https://dotnet.microsoft.com/en-us/platform/support/policy/aspnet#dotnet-core)
diff --git a/docs/index.md b/docs/index.md
index 0d7013d..66bbb9c 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -35,7 +35,7 @@ The following is an example of the response headers from version 9.0.0 (taken on
```plaintext
Cache-Control: max-age=31536000;private
-Strict-Transport-Security: max-age=63072000;includeSubDomains
+Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Frame-Options: DENY
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
diff --git a/src/Extensions/SecureHeadersMiddlewareBuilder.cs b/src/Extensions/SecureHeadersMiddlewareBuilder.cs
index fffbc6a..f1816c0 100644
--- a/src/Extensions/SecureHeadersMiddlewareBuilder.cs
+++ b/src/Extensions/SecureHeadersMiddlewareBuilder.cs
@@ -45,7 +45,7 @@ public static SecureHeadersMiddlewareConfiguration CreateBuilder()
///
public static SecureHeadersMiddlewareConfiguration UseHsts
(this SecureHeadersMiddlewareConfiguration config,
- int maxAge = 63072000, bool includeSubDomains = true)
+ int maxAge = 31536000, bool includeSubDomains = true)
{
config.UseHsts = true;
config.HstsConfiguration = new HstsConfiguration(maxAge, includeSubDomains);
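Review bot: The new default `maxAge = 31536000` is an unexplained literal. The `///` block above `UseHsts` (only its last line is visible in this hunk) should give the unit and origin, for example `/// <param name="maxAge">HSTS max-age in seconds; defaults to 31536000 (365 days), the OWASP recommended value.</param>`. Because C# compiles optional-parameter defaults into the calling assembly, applications that pick up the new package without rebuilding will keep sending 63072000, which deserves a line in the release notes. Nothing visible here rejects a negative `maxAge`, so unless `HstsConfiguration` validates it (not shown), consider `ArgumentOutOfRangeException.ThrowIfNegative(maxAge);` before the assignment. The docs should also say that 0 makes browsers drop the HSTS entry. The method body continues past the hunk.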
diff --git a/src/OwaspHeaders.Core.csproj b/src/OwaspHeaders.Core.csproj
index 2b65bca..e0d2e2f 100644
--- a/src/OwaspHeaders.Core.csproj
+++ b/src/OwaspHeaders.Core.csproj
@@ -8,7 +8,7 @@
OwaspHeaders.Core
- 9.0.1
+ 9.1.1
Jamie Taylor
RJJ Software Ltd
MIT
diff --git a/src/OwaspHeadersCore.nuspec b/src/OwaspHeadersCore.nuspec
deleted file mode 100644
index b67a81e..0000000
--- a/src/OwaspHeadersCore.nuspec
+++ /dev/null
@@ -1,26 +0,0 @@
-
-
-
- OwaspHeaders.Core
- 8.1.0
- GaProgMan
- GaProgMan
- docs\README-NuGet.md
- https://github.com/GaProgMan/OwaspHeaders.Core
- https://raw.githubusercontent.com/GaProgMan/OwaspHeaders.Core/master/OwaspHeaders.Core-Logo-small.png
- false
- An ASP.NET Core Middleware which adds the OWASP recommended HTTP headers for enhanced security.
- OWASP Http-headers Security ASP-NET-Core Middleware
-
-
-
-
-
-
-
-
-
-
-
-
-