How do I set the CSP and HSTS for an Azure app?

Wilson, TaRan (Avison Young - US) 20 Reputation points

I have created an Azure app and use a custom domain to access it. However, when putting the URL through our cyber security process, it came back that the CSP and HSTS needs to be updated. I cannot find where in Azure to update the security headers. Where can I update the CSP and HSTS for my app?

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,721 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,865 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andriy Bilous 10,901 Reputation points MVP

    Hello Wilson, TaRan (Avison Young - US)

    HSTS can be enabled in multiple ways: API Management

    App Gateway -

    App Service with Docker Containers -


    Also If you want to follow best security practices and implement Strict Transport Security and Secure Headers in your Azure App Service you will need to add Security Headers in web.config or htaccess files in your web application’s root folder.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful