How can we improve Azure CDN?

Support HSTS and HPKP

Allow HSTS and HPKP to be enabled on Azure CDN

Currently these values can only be passed through from the origin, which is fine for HSTS but can cause issues for HPKP (as the CDN cert may change, and probably doesn't match the origin cert).

3 votes
    Matthew Steeples shared this idea

    How do you want HSTS to be enabled on the CDN? HSTS can be enabled on Azure CDN from Verizon Premium by using the rules engine to add the “Strict-Transport-Security” response header. Support for HPKP would likely require customers to provide their own HTTPS certificates. Once support for providing your own certificates is available, the rules engine could be used to enable HPKP support.

    1 comment

      • Matthew Steeples commented

        Thanks. I'd not seen that these were on the Verizon offering, as I'm currently using the Akamai one. Having said that, as Azure/Verizon are aware of their own certificates, then the service should be able to provide HPKP headers itself.
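
The pass-through problem raised in the idea above, as an added example that is not part of the original thread or of any Azure tooling: it parses a Public-Key-Pins header and checks its pins against the keys in the chain the CDN edge actually serves, following the RFC 7469 rules. The key bytes, function names and max-age value are assumptions constructed for illustration.

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def parse_hpkp(header: str) -> dict:
    """Parse a Public-Key-Pins value into its pins and max-age."""
    policy = {"pins": set(), "max_age": None}
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "pin-sha256":
            policy["pins"].add(value)
        elif name == "max-age" and value.isdigit():
            policy["max_age"] = int(value)
    return policy

def evaluate(header: str, served_chain_spki: list) -> str:
    """Classify a header against the SPKIs of the chain the edge serves."""
    policy = parse_hpkp(header)
    if not policy["pins"] or policy["max_age"] is None:
        return "invalid-header"
    chain_pins = {spki_pin(spki) for spki in served_chain_spki}
    if not policy["pins"] & chain_pins:
        # A browser ignores this header on first sight; one that already
        # stored these pins fails the connection until max-age expires.
        return "pin-mismatch"
    if not policy["pins"] - chain_pins:
        return "no-backup-pin"  # RFC 7469 requires a pin outside the chain
    return "ok"

def build_header(spkis: list, max_age: int = 5184000) -> str:
    """Build a header value pinning the given SPKIs (hypothetical helper)."""
    pins = "; ".join(f'pin-sha256="{spki_pin(s)}"' for s in spkis)
    return f"{pins}; max-age={max_age}"

# Constructed stand-ins for DER SubjectPublicKeyInfo bytes (not real keys).
ORIGIN_KEY, BACKUP_KEY = b"constructed-origin-spki", b"constructed-backup-spki"
CDN_KEY, CDN_ROTATED_KEY = b"constructed-cdn-spki", b"constructed-cdn-rotated-spki"

if __name__ == "__main__":
    passthrough = build_header([ORIGIN_KEY, BACKUP_KEY])
    print(evaluate(passthrough, [CDN_KEY]))          # origin pins at the CDN edge
    cdn_pinned = build_header([CDN_KEY, BACKUP_KEY])
    print(evaluate(cdn_pinned, [CDN_KEY]))           # pins match the edge cert
    print(evaluate(cdn_pinned, [CDN_ROTATED_KEY]))   # CDN rotated its cert
```

With real certificates, the input to `spki_pin` is the DER-encoded SubjectPublicKeyInfo of each certificate in the served chain, not the whole certificate.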
