![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 28.999999999999996%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESA%3C/text%3E%3C/svg%3E)
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
@SG Azure Thanks for reaching out to Microsoft Q&A, apologize for any inconvenience caused on this.
Based on the shared information I understand that you want to include the header X-Frame-Options to DENY in the app service HTTP headers.
On Linux App Services, there is no ‘turn-key’ solution to customizing response headers, but there are other ways that this can be done. Either programmatically or through other products that can be used with it.
A quick way that response headers can be changed as needed is through the application itself. You can refer to this documentation on How to change the headers on Linux app service with different runtimes.
To test this out, I have followed this quick start tutorial of deploying Nodejs app with express generator and the below line in my index.js file to include the HTTP header X-Frame-Options.
Here is the sample output for your reference:
Feel free to reach back to me if you have any further questions on this.