1
votes

We are delivering Angular application over Azure CDN(no web server), also there would be lots of images/videos(stored on Blob storage) that our site would be serving. How can I add security headers like X Frame options, X SSS protection, no sniff while serving content from CDN?

1
Its important for us to serve website with at least these headers ✓ strict-transport-security ✓ x-content-type-options ✓ x-frame-options ✓ x-xss-protectionJPM

1 Answers

1
votes

You can use the Rules engine and set some global rules for these. From the Rules engine page in the global section, select Add Action then Modify Response Header.

However, be aware that there seems to be a limit of three global actions as well as a 100 character string limit for the header value. That is pretty limiting for Content-Security-Policy.