diff --git a/src/Microsoft.AspNetCore.Mvc.Core/RequireHttpsAttribute.cs b/src/Microsoft.AspNetCore.Mvc.Core/RequireHttpsAttribute.cs
index 40975dd211..b3c34a1a96 100644
--- a/src/Microsoft.AspNetCore.Mvc.Core/RequireHttpsAttribute.cs
+++ b/src/Microsoft.AspNetCore.Mvc.Core/RequireHttpsAttribute.cs
@@ -15,6 +15,12 @@ namespace Microsoft.AspNetCore.Mvc
     [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
     public class RequireHttpsAttribute : Attribute, IAuthorizationFilter, IOrderedFilter
     {
+        /// <summary>
+        /// Specifies whether a permanent redirect, <c>301 Moved Permanently</c>,
+        /// should be used instead of a temporary redirect, <c>302 Found</c>.
+        /// </summary>
+        public bool Permanent { get; set; }
+
         /// <inheritdoc />
         public int Order { get; set; }
 
@@ -84,7 +90,7 @@ namespace Microsoft.AspNetCore.Mvc
                     request.QueryString.ToUriComponent());
 
                 // redirect to HTTPS version of page
-                filterContext.Result = new RedirectResult(newUrl, permanent: false);
+                filterContext.Result = new RedirectResult(newUrl, Permanent);
             }
         }
     }
diff --git a/test/Microsoft.AspNetCore.Mvc.Core.Test/RequireHttpsAttributeTests.cs b/test/Microsoft.AspNetCore.Mvc.Core.Test/RequireHttpsAttributeTests.cs
index 713b58e3cc..1480c9102d 100644
--- a/test/Microsoft.AspNetCore.Mvc.Core.Test/RequireHttpsAttributeTests.cs
+++ b/test/Microsoft.AspNetCore.Mvc.Core.Test/RequireHttpsAttributeTests.cs
@@ -191,6 +191,27 @@ namespace Microsoft.AspNetCore.Mvc
             Assert.Equal(expectedUrl, result.Url);
         }
 
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public void OnAuthorization_RedirectsToHttpsEndpoint_WithSpecifiedStatusCode(bool permanent)
+        {
+            var requestContext = new DefaultHttpContext();
+            requestContext.RequestServices = CreateServices();
+            requestContext.Request.Scheme = "http";
+            requestContext.Request.Method = "GET";
+            
+            var authContext = CreateAuthorizationContext(requestContext);
+            var attr = new RequireHttpsAttribute { Permanent = permanent };
+
+            // Act
+            attr.OnAuthorization(authContext);
+
+            // Assert
+            var result = Assert.IsType<RedirectResult>(authContext.Result);
+            Assert.Equal(permanent, result.Permanent);
+        }
+
         private class CustomRequireHttpsAttribute : RequireHttpsAttribute
         {
             protected override void HandleNonHttpsRequest(AuthorizationFilterContext filterContext)