Microsoft Corporation. (2023). Configure TLS mutual authentication for Azure App Service. Microsoft Learn. In the section "Access the client certificate," it states, "App Service forwards the client certificate as a base64-encoded string in the X-ARR-ClientCert request header." This directly confirms both selections.
Shein, E. (2018). Implementing and Auditing the Secure Sockets Layer Protocol. In The Common Body of Knowledge for Information Security Professionals (p. 238). Auerbach Publications. DOI: https://doi.org/10.1201/9780429466384. This book describes the general architecture where a front-end server or proxy handles the SSL/TLS handshake and can pass client certificate details to a back-end application, often via custom HTTP headers.
Fielding, R., & Reschke, J. (2014). Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing. RFC 7230, Section 3.2. Internet Engineering Task Force (IETF). This standard defines the syntax for HTTP message headers, which consist of a case-insensitive field name followed by a colon and field value. It establishes the text-based nature of headers, necessitating the encoding of binary data like certificates.