By default, clients can connect to function endpoints by using both HTTP or HTTPS. You should redirect HTTP to HTTPs because HTTPS uses the SSL/TLS protocol to provide a secure connection, which is both encrypted and authenticated.
Anyone can access the Function App using HTTP.
You can redirect all HTTP requests to the HTTPS port.
The following example will fail the azure-appservice-enforce-https check.
The following example will pass the azure-appservice-enforce-https check.