azure gateway ip getting an asv scan failed error as - HTTP Security Header Not Detected

Question

azure gateway ip getting an asv scan failed error as - HTTP Security Header Not Detected

Abhinand MS 0

Alex Burlachenko 9,780 Reputation points

2025-06-02T08:23:56.2866667+00:00
Abhinand MS hi,

when azure vpn gateway's IP gets scanned, it expects certain security headers to be present. if they're missing, boom - u get that error. microsoft actually explains this in their docs here.

check ur headers - make sure u have stuff like "strict-transport-security" and "x-content-type-options" properly configured. sometimes azure gateway defaults don't include these ))

tweak the network security group - u might need to adjust rules in ur nsg to allow proper header transmission. microsoft suggests specific settings here.

update gateway config - go to azure portal, find ur vpn gateway, and under "configuration" look for security settings. enable "custom headers" if it's not on.

sometimes just restarting the gateway helps %) azure can be quirky like that. if u still get errors after trying these, check the scan report details - it usually tells u exactly which header is missing.

Best regards,

Alex

and "yes" if you would follow me at Q&A - personaly thx. P.S. If my answer help to you, please Accept my answer PPS That is my Answer and not a Comment

https://ctrlaltdel.blog/
Sindhuja Dasari 1,520 Reputation points Microsoft External Staff Moderator

2025-06-03T02:53:37.24+00:00
Hello Abhinand MS

In addition to what TP have mentioned, just to clarify, the Azure VPN Gateway is used for creating secure VPN connections, and it isn't designed like a traditional web server to send HTTP headers.
Refer VPN Gateway FAQ

When you run scans on the VPN Gateway, it doesn't typically send security headers like "Strict-Transport-Security" or "X-Content-Type-Options" because it's not a web server. That's why you may be seeing these alerts during your scans.

Here are some suggestions to consider:

Ensure that you're indeed scanning the correct service. If you're using an Azure VPN Gateway, it won't return HTTP security headers, which is expected behavior.

If you were looking for certain security settings specific to your application, review the settings on your Azure resources like Application Gateway or Web Apps where these headers may need to be configured.

Please do consider to “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
Sindhuja Dasari 1,520 Reputation points Microsoft External Staff Moderator

2025-06-04T10:10:11.2366667+00:00

Hello Abhinand MS

Following up to see if the above information was helpful. And, if you have any further query do let us know.
Sindhuja Dasari 1,520 Reputation points Microsoft External Staff Moderator

2025-06-05T08:51:50.85+00:00

Hello Abhinand MS

Following up to see if the provided information was helpful. And, if you have any further query do let us know.

1 answer

Your answer

Alex Burlachenko 9,780 Reputation points

2025-06-02T08:23:56.2866667+00:00

Abhinand MS hi,

when azure vpn gateway's IP gets scanned, it expects certain security headers to be present. if they're missing, boom - u get that error. microsoft actually explains this in their docs here.

check ur headers - make sure u have stuff like "strict-transport-security" and "x-content-type-options" properly configured. sometimes azure gateway defaults don't include these ))

tweak the network security group - u might need to adjust rules in ur nsg to allow proper header transmission. microsoft suggests specific settings here.

update gateway config - go to azure portal, find ur vpn gateway, and under "configuration" look for security settings. enable "custom headers" if it's not on.

sometimes just restarting the gateway helps %) azure can be quirky like that. if u still get errors after trying these, check the scan report details - it usually tells u exactly which header is missing.

Best regards,

Alex

and "yes" if you would follow me at Q&A - personaly thx. P.S. If my answer help to you, please Accept my answer PPS That is my Answer and not a Comment

https://ctrlaltdel.blog/
Sindhuja Dasari 1,520 Reputation points Microsoft External Staff Moderator

2025-06-03T02:53:37.24+00:00

Hello Abhinand MS

In addition to what TP have mentioned, just to clarify, the Azure VPN Gateway is used for creating secure VPN connections, and it isn't designed like a traditional web server to send HTTP headers.
Refer VPN Gateway FAQ

When you run scans on the VPN Gateway, it doesn't typically send security headers like "Strict-Transport-Security" or "X-Content-Type-Options" because it's not a web server. That's why you may be seeing these alerts during your scans.

Here are some suggestions to consider:

Ensure that you're indeed scanning the correct service. If you're using an Azure VPN Gateway, it won't return HTTP security headers, which is expected behavior.

If you were looking for certain security settings specific to your application, review the settings on your Azure resources like Application Gateway or Web Apps where these headers may need to be configured.

Please do consider to “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
Sindhuja Dasari 1,520 Reputation points Microsoft External Staff Moderator

2025-06-04T10:10:11.2366667+00:00

Hello Abhinand MS

Following up to see if the above information was helpful. And, if you have any further query do let us know.
Sindhuja Dasari 1,520 Reputation points Microsoft External Staff Moderator

2025-06-05T08:51:50.85+00:00

Hello Abhinand MS

Following up to see if the provided information was helpful. And, if you have any further query do let us know.

Answer 1

Hi,

To confirm, you are referring to Azure VPN Gateway, correct? If you are referring to something else please let me know.

Azure VPN Gateway is for VPN connections and is not a web server. Since it is not a web server it does not send common security headers like you would expect a web server to send a browser, even though it does communicate over port 443.

Another common question people ask after performing a scan against VPN Gateway is the extra open ports. In regards to that, below is quote from VPN Gateway FAQ:

Why are certain ports opened on my virtual network gateway?

They're required for Azure infrastructure communication. They're protected (locked down) by Azure certificates. Without proper certificates, external entities, including the customers of those gateways, won't be able to cause any effect on those endpoints.A virtual network gateway is fundamentally a multi-homed device with one NIC tapping into the customer private network, and one NIC facing the public network. Azure infrastructure entities can't tap into customer private networks for compliance reasons, so they need to utilize public endpoints for infrastructure communication. The public endpoints are periodically scanned by Azure security audit.

VPN Gateway FAQ - Why are certain ports opened on my virtual network gateway?

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#gatewayports

Please click Accept Answer and upvote if the above was helpful.

Thanks.

-TP

TP 124.9K Reputation points Volunteer Moderator

2025-06-04T07:07:48.8866667+00:00

@Abhinand MS Any update?

Share via

azure gateway ip getting an asv scan failed error as - HTTP Security Header Not Detected

1 answer

Your answer