Forum Discussion
Azure Load Balancer and security headers
Hi, If I need to set Access-Control-Allow-Origin (something else than *) in the server. Does anybody have experiences if that is header is traveling through the Azure Load Balancer? Some documentati...
Azure Load Balancer (ALB) works at Layer 4 (Transport Layer) and does not modify HTTP headers, including Access-Control-Allow-Origin. If your backend server sets this header, it will pass through ALB without changes.
If you use Azure Application Gateway or Azure Front Door (both operate at Layer 7), they can modify headers via rewrite rules. Also, if WAF is enabled, it might block or alter CORS headers.
So, as long as your backend properly sets Access-Control-Allow-Origin, ALB won’t interfere. If you need header modifications, consider using Application Gateway or Front Door instead.