Enable OWASP secure headers on Azure FrontDoor service
Requesting Front Door be supporting OWASP secure headers (https://www.owasp.org/index.php/OWASPSecureHeaders_Project#tab=Headers)?
Currently, our POC website using Azure FrontDoor fails many OWASP header tests, especially when Front Door would claim to protect against few OWASP attacks.
Appreciate that these be on the FrontDoor roadmap in very near future.
OWASP HTTP Secure Headers
HTTP Strict Transport Security (HSTS)
Public Key Pinning Extension for HTTP (HPKP)
Teresa Yao commented
You may set response headers using newly released rules engine capabilities.
Rune Synnevåg commented
Any updates on this? We realy need it for a new product we are workin on.
Shahid Iqbal commented
Echo what Dennis has already said, having ability to add/re-write custom headers will make AFD much more attractive for scenarios where you can host content in storage and want to ensure security headers are applied.
OWASP HTTP Secure Headers would be a great addition to Azure Front door
Dennis Feiock commented
Beyond the standard OWASP headers, having full control over response headers via configuration would be great. Maybe something similar to what Azure CDN provides with their rules engine?
Siddhant Gosavi commented
Hi FrontDoor Team,
Can we please have this feature in the roadmap, it will be really help for a lot of users to improve their security posture without many efforts.
Unmesh Vinod commented
OWASP secure headers in FrontDoor would be appreciated