Ensure that your Microsoft Azure App Service web applications are using the latest version of the HTTP protocol (i.e. HTTP/2) in order to make your web applications load faster. HTTP 2.0 represents a major upgrade of the HTTP/1.1 protocol, that has the primary goal of reducing the impact of latency and connection load on web servers by implementing full request and response multiplexing, minimizing protocol overhead via compression of HTTP header fields, and by adding support for HTTP request prioritization and server push.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
Once enabled, HTTP/2 will make your Azure App Service web applications faster, simpler, and more robust, as this optimized version of the HTTP protocol no longer supports HTTP 1.1's chunked transfer encoding mechanism, and provides its own, more efficient mechanism for data streaming. The main benefits of HTTP/2: it is fully multiplexed (instead of ordered and blocking like HTTP 1.1), uses only one TCP/IP connection and has the ability to use this connection for parallelism, uses header compression to reduce overhead, and it's binary.
Note: Most modern web browsers support HTTP 2.0 protocol over TLS only, while non-encrypted traffic continues to use HTTP 1.1. To ensure that all your application clients are connecting to your web apps using HTTP/2, you can buy an Azure App Service certificate for your application's custom domain or bind a third-party certificate.
To determine if your Azure App Service applications are using the latest version of the HTTP protocol, perform the following actions:
Remediation / Resolution
To enable the HTTP/2 protocol for your Microsoft Azure App Service web applications, perform the following actions:
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
You are auditing:
Risk level: Low