Enable OWASP secure headers on Azure FrontDoor service
Requesting that Front Door support OWASP secure headers (https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers).
Currently, our POC website using Azure FrontDoor fails many OWASP header tests, especially when Front Door would claim to protect against a few OWASP attacks.
We would appreciate these being on the FrontDoor roadmap in the very near future.
OWASP HTTP Secure Headers
HTTP Strict Transport Security (HSTS)
Public Key Pinning Extension for HTTP (HPKP)
Dennis Feiock commented
Beyond the standard OWASP headers, having full control over response headers via configuration would be great. Maybe something similar to what Azure CDN provides with their rules engine?
Siddhant Gosavi commented
Hi FrontDoor Team,
Can we please have this feature on the roadmap? It will really help a lot of users to improve their security posture without much effort.
Unmesh Vinod commented
OWASP secure headers in FrontDoor would be appreciated.