Az you are using Linux hosts then the web service is Apache (as long as the service stack is not PHP8). Therefore you can use directives in a [dot]htaccess
file to add response headers.
The last section of this article provides an example. This article provides some more detail around specific security response headers and their configuration in [dot]htaccess
Create a [dot]htaccess
file in the root of your site.
Depending upon the detail of your architecture, if the site is behind another resource such as an app gateway or Azure Front Door instance, these services can also be used to 'rewrite' the response headers, adding and changing them, as the traffic passes through them on the way back to the client.
Note the [dot] in the above should be replaced with a .
however trying to include the full and correct filename is blocked when posting on the MS Q&A site for security reasons.
Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.