Forum Discussion
Azure Application Gateway/App Service + Secure Headers
Hello Everyone!!! Hope you guys are doing great. Im looking to create Security Headers (detailed above) from OWASP recommendations to An App service in Azure. https://owasp.org/www-project-...
- One point of caution (and I am not sure if Front Door handles that better): I have had a scenario where we were using a third party WAF and also setup adding a HSTS header. However, some of the websites set their own HSTS header, which resulted in a double HSTS header. This caused issues with some applications.
So either make sure headers are only added by Front Door (or whatever WAF/Reverse proxy) or add a rule to remove existing HSTS headers first
