If your Azure App Service is behind Azure Application Gateway you will need to implement Strict Transport Security and Secure Headers in your Azure Application Gateway instead of App Service’s web.config or .htaccess Azure Application Gateway has an ability to add, remove or modify inbound and outbound headers. This can be done in “Rewrites” section …