Configure Header in Azure CDN

Question

Hello,
In my company we publish our platform using Azure CDN, and for meet some security necessity i need to configure some header in production and staging.
I start in Staging configuration.

• In the endpoint i clicked in Advanced Features
• Manage
• In HTTP Large, i clicked in Rules Engine V 4.0
• Clone the current Rule and add
  I try creating in 2 different ways
  First Try
  1. Match > General > Always
  2. Feature > Headers > Modify Client Response Header > Append > X-Frame-Options > SAMEORIGIN
  3. Feature > Headers > Modify Client Response Header > Append > trict-Transport-Security > max-age=31536000; includeSubDomains; preload

Second Try

1. Match > Edge CNAME > platform url
2. Feature > Headers > Modify Client Response Header > Append > X-XSS-Protection > 1;mode=block

In both try i Deploy the Rule.
I tested different header to check if the header was the problem, but didn't work in any scenarios. Actually i make a lot more trys, change like double quotes, the values and other things.
I thought about cache (but i didn't think it was related) but i don't have cache enabled.
To check the header i used 2 different tools

• curl -h <URL>
• https://securityheaders.com/

Anyone have any ideas why its not working?

Answer 1

Hi @dionizio.ferreira

Apologize for delay in response.

Can you set the action type as Overwrite instead of Append, this sets the response header.

Ex:

Match > General > Always

Feature > Headers > Modify Client Response Header > Overwrite > X-Frame-Options > SAMEORIGIN

Hope this was helpful. Please let us know in case of any additional questions or concerns.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well