My company has just deployed a azure app proxy application, pointing to an internal server.
Authentication is done at the app proxy instance.
As part of this we have had a vulnerability scan completed & we have 2 things that need looking at.
We need to set the HSTS header & it is also showing as having weak Ciphers.
Is there a way to change these settings at the app proxy layer, or do I need an application gateway in front (not too sure if you can put an app gateway in front of an app proxy app).
I couldn't figure out what category to put this in with a support call with Microsoft.