This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 46%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
We are deploying our app services in Linux container in Azure as WebApp. Our vulnerability scanning tools detects “HTTP Strict Transport Security (HSTS) not enforced” which does not comply with our security policies. How to fix this issue? below are the screenshots of the issue:
https://domsignal.com/test/1tzndap306mrw2x8d3ofg3gt1f51hgs6
This website is using a custom domain pointed to the azure app service default domain. ****website.azurewebsites.net
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 24%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
On the Azure end Under “TLS/SSL settings,” turn on “HTTPS Only.” This forces all HTTP traffic to be redirected to HTTPS. If this is set correctly then you need to review/add HSTS settings in your app code.
You can mark it 'Accept Answer' and 'Upvote' if this helped you
Regards,
Abiola
Azure HTTPS only is already turned ON. See attached. Can you guide us how to add HSTS settings in our app code. Guide us, we are using ReactJS (Express) and some are Wordpress in Azure and .Net 8 C#.