Maviso2022-6989,
In App Service, TLS/SSL termination happens at the network load balancers, so all HTTPS requests reach your app as unencrypted HTTP requests.
You could control (on all response headers) and include to return HSTS policy header explicitly. There is no App Service feature to enforce such policy on user's behalf.
Just to highlight, App Services HttpsOnly is limited to redirect Http-Https but not extend to forcing single HSTS policy to all your users.
You may take a look at this similar discussion App service security headers.
If you have any further questions, please let us know.