I've written a blog post on another site:
Using HTTPS on your website provides additional security for your users: confidentiality, integrity and authentication. Using Let's encrypt, you can get a free certificate and start using HTTPS. If you aren't using HTTPS yet, you can read my previous blog post about setting up Let's encrypt for your website.
But HTTPS isn't perfect, and some people has found multiple attacks: CRIME, BEAST, POODLE
The full post is available at the following URL: https://www.softfluent.com/blog/dev/Improve-the-security-of-your-website-using-SSL-and-HSTS-with-ASP-NET-Core