Hello Wilson, TaRan (Avison Young - US)
HSTS can be enabled in multiple ways: API Management - https://learn.microsoft.com/en-us/answers/questions/845443/add-hsts-to-an-azure-api-management-service
App Gateway - https://techcommunity.microsoft.com/t5/azure/azure-application-gateway-app-service-secure-headers/m-p/2231277
App Service with Docker Containers - https://azureaggregator.wordpress.com/2022/10/31/adding-hsts-header-in-the-nginx-based-app-service/
Also If you want to follow best security practices and implement Strict Transport Security and Secure Headers in your Azure App Service you will need to add Security Headers in web.config
or htaccess
files in your web application’s root folder. https://itgala.xyz/implementing-security-headers-in-azure-app-service/