Support HSTS and HPKP
Allow HSTS and HPKP to be enabled on Azure CDN
Currently these values can only be passed through from the origin, which is fine for HSTS but can cause issues for HPKP (as the CDN cert may change, and probably doesn't match the origin cert).

How do you want HSTS to be enabled on the CDN? HSTS can be enabled on Azure CDN from Verizon Premium by using the rules engine to add the “Strict-Transport-Security” response header. Support for HPKP would likely require customers to provide their own HTTPS certificates. Once support for providing your own certificates is available, the rules engine could be used to enable HPKP support.
1 comment
Matthew Steeples commented
Thanks. I'd not seen that these were on the Verizon offering, as I'm currently using the Akamai one. Having said that, as Azure/Verizon are aware of their own certificates, then the service should be able to provide HPKP headers itself.