If you want to follow best security practices and implement Strict Transport Security and Secure Headers in your Azure App Service you will need to add Security Headers in web.config
or .htaccess
files in your web application’s root folder.
Before you start remember that App Services run on a PaaS. This means that not everything can be touched or changed. We will be addressing the Azure App Service on Windows, thus, server by IIS webserver. Continue reading