Forum Discussion
Dest1337
Mar 23, 2021Copper Contributor
Azure Application Gateway/App Service + Secure Headers
Hello Everyone!!! Hope you guys are doing great. Im looking to create Security Headers (detailed above) from OWASP recommendations to An App service in Azure. HTTP Strict Transport Security...
AlvinAbraham
Nov 17, 2023Copper Contributor
- _AndreGNov 17, 2023Copper ContributorOne point of caution (and I am not sure if Front Door handles that better): I have had a scenario where we were using a third party WAF and also setup adding a HSTS header. However, some of the websites set their own HSTS header, which resulted in a double HSTS header. This caused issues with some applications.
So either make sure headers are only added by Front Door (or whatever WAF/Reverse proxy) or add a rule to remove existing HSTS headers first