Im having limited success finding how to add custom http security headers (like HSTS) to an Azure app service when deployed as a docker container (linux). Im not sure if this is possible directly on the app service or something like an application gateway is required.
If using kubernetes or swarm i could do this on the reverse proxy ingress, but how can i accomplish this on an app service?
2 solutions :
Your Function App -> Platform Features -> Custom Domain and set HTTPS Only to the desired value (On).
<outboundRules> <rule name="Add Strict-Transport-Security when HTTPS" enabled="true"> <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" /> <conditions> <add input="{HTTPS}" pattern="on" ignoreCase="true" /> </conditions> <action type="Rewrite" value="max-age=31536000" /> </rule> </outboundRules>