HSTS for Azure Static Web Apps: Options, Pros and Cons
If you host on Azure Static Web Apps, HSTS looks deceptively simple. You want one header: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Done, right? Not quite. Azure Static Web Apps is great for shipping frontend apps fast, but once you care about security headers, especially HSTS, you run into a design constraint: you do not get full control over the edge like you would with a custom reverse proxy, Nginx, or a tuned CDN setup. ...