How can we improve Azure Networking?

Enable OWASP secure headers on Azure FrontDoor service

Requesting Front Door be supporting OWASP secure headers (https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers)?
Currently, our POC website using Azure FrontDoor fails many OWASP header tests, especially when Front Door would claim to protect against few OWASP attacks.
Appreciate that these be on the FrontDoor roadmap in very near future.

OWASP HTTP Secure Headers
------------------------------
HTTP Strict Transport Security (HSTS)
Public Key Pinning Extension for HTTP (HPKP)
X-Frame-Options
X-XSS-Protection
X-Content-Type-Options
Content-Security-Policy
X-Permitted-Cross-Domain-Policies
Referrer-Policy
Expect-CT
Feature-Policy

150 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
You have left! (?) (thinking…)
Gururaj Pandurangi shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

3 comments

Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
Submitting...
  • Dennis Feiock commented  ·   ·  Flag as inappropriate

    Beyond the standard OWASP headers, having full control over response headers via configuration would be great. Maybe something similar to what Azure CDN provides with their rules engine?

  • Siddhant Gosavi commented  ·   ·  Flag as inappropriate

    Hi FrontDoor Team,

    Can we please have this feature in the roadmap, it will be really help for a lot of users to improve their security posture without many efforts.

Feedback and Knowledge Base