Support HSTS and HPKP
Allow HSTS and HPKP to be enabled on Azure CDN
Currently these values can only be passed through from the origin, which is fine for HSTS but can cause issues for HPKP (as the CDN cert may change, and probably doesn't match the origin cert)
How do you want HSTS to be enabled on the CDN? HSTS can be enabled on Azure CDN from Verizon Premium by using the rules engine to add the “Strict-Transports-Security” response header. Support for HPKP would likely require customers to provide their own HTTPS certificates. Once support for providing your own certificates is available the rules engine could be used to enabled HPKP support.
Matthew Steeples commented
Thanks. I'd not seen that these were on the Verizon offering, as I'm currently using the Akamai one. Having said that, as Azure/Verizon are aware of their own certificates, then the service should be able to provided HPKP headers itself