Security Response header in angular hosted in azure app service

1
votes

we have pure angular application ( not hosted in asp.net mvc core ) deployed to azure app service.

now requirement is, we need to add few security headers mentioned here

  1. https://securityheaders.com/

  2. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

as well, wanted to remove X-Powered-By: ASP.NET header too.

so far on internet or my own search, what i found so far is to add in webconfig file, but remember,we have just angular app.

why should i use webconfig for that?

in your experience, how do you handle this situation? or what is the best answer?

Thanks in advance.

1
angularazuresecurityazure-web-app-service
Hey, how did you handled this situation? I have also standalone angular application and I also need to include some security headersDeepika

1 Answers

0
votes

This response is not coming from the server, it is handled by their frontend and they can't remove the specific header.

The article you found to add in web.config which is run on IIS. Refer to this issue.

You can raise a support issue with Microsoft Azure.

Here is a similar SO thread you could refer to.