Google App Engine has the ability to force HTTPS, which is a common best practice to help protect data in-transit. For more information on securing App Engine Apps, see the GCP documentation.
References:
https://cloud.google.com/appengine/docs/standard/application-security
The handlers.security_level can be configured via an app's app.yaml file. After being manually changed, it can be applied in a GKE workload.
In Terraform -
References:
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/app_engine_standard_app_version#nested_handlers
https://cloud.google.com/appengine/docs/legacy/standard/python/config/appref#handlers_element