
Configure HTTP security response headers for Azure Static Web Apps


HTTP security headers are one of the most important defenses a web application has against a range of attacks, most notably cross-site scripting, clickjacking and other script injection attacks, yet configuring them is something developers frequently forget. I recently checked my blog and the results indicated that HTTP security headers were not configured, so I decided to put some HTTP security headers on my Azure Static Web App.

Recommended HTTP security headers

  1. Strict-Transport-Security

  2. Content-Security-Policy

  3. X-Frame-Options

  4. X-Permitted-Cross-Domain-Policies

  5. X-Content-Type-Options

  6. Permissions-Policy

Configure HTTP security headers

Create a JSON file named staticwebapp.config.json in the root of the web site, add a globalHeaders section like the one below, then deploy it with the rest of the site to your Azure Static Web App. Every header listed under globalHeaders is added to every response the host serves.

      {
        "globalHeaders": {
          "content-security-policy": "frame-ancestors 'self'",
          "X-Frame-Options": "SAMEORIGIN",
          "X-Permitted-Cross-Domain-Policies": "none",
          "X-Content-Type-Options": "nosniff",
          "Permissions-Policy": "autoplay=()"
        }
      }
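After deploying, the useful check is to confirm that the headers actually arrive on the wire and that none of the six recommended headers from the list above is missing or set to a weak value. The script below is an added example, not code from the original post or from Azure; it compares a set of response headers against the recommended list, flags a few weak values, and can optionally fetch the headers of a live site. The header sets BEFORE and AFTER are constructed samples that mimic a site before and after deploying the staticwebapp.config.json shown above (the HSTS value in AFTER is an assumed example, not a platform default).

```python
"""Audit HTTP response headers against the recommended security headers.

Added example, not part of the original post. Run with a URL argument to
check a live site, or without arguments to run against the constructed samples.
"""
import sys
import urllib.request

# The six headers recommended in the post, compared case-insensitively.
RECOMMENDED_HEADERS = (
    "Strict-Transport-Security",
    "Content-Security-Policy",
    "X-Frame-Options",
    "X-Permitted-Cross-Domain-Policies",
    "X-Content-Type-Options",
    "Permissions-Policy",
)

# Constructed sample: a response with no security headers at all.
BEFORE = {"Content-Type": "text/html", "Content-Length": "1234"}

# Constructed sample: the same response after deploying the globalHeaders above,
# plus an assumed HSTS header (its value is an example, not a platform default).
AFTER = {
    "Content-Type": "text/html",
    "content-security-policy": "frame-ancestors 'self'",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Permitted-Cross-Domain-Policies": "none",
    "X-Content-Type-Options": "nosniff",
    "Permissions-Policy": "autoplay=()",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}


def normalize(headers):
    """Lower-case header names: HTTP header names are case-insensitive."""
    return {name.lower(): value for name, value in headers.items()}


def missing_security_headers(headers):
    """Return the recommended headers absent from the response, in list order."""
    present = normalize(headers)
    return [h for h in RECOMMENDED_HEADERS if h.lower() not in present]


def weak_header_values(headers):
    """Return (header, reason) pairs for headers that are present but weakly set."""
    present = normalize(headers)
    findings = []
    xcto = present.get("x-content-type-options")
    if xcto is not None and xcto.strip().lower() != "nosniff":
        findings.append(("X-Content-Type-Options", "value must be 'nosniff'"))
    xfo = present.get("x-frame-options")
    if xfo is not None and xfo.strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(("X-Frame-Options", "value should be DENY or SAMEORIGIN"))
    hsts = present.get("strict-transport-security")
    if hsts is not None:
        directives = [d.strip().lower() for d in hsts.split(";")]
        max_age = next((d for d in directives if d.startswith("max-age=")), None)
        age = max_age.split("=", 1)[1] if max_age else ""
        # One year is the usual minimum (and the HSTS preload list requirement).
        if not age.isdigit() or int(age) < 31536000:
            findings.append(("Strict-Transport-Security", "max-age should be at least 31536000"))
    csp = present.get("content-security-policy")
    if csp is not None and "frame-ancestors" not in csp.lower():
        findings.append(("Content-Security-Policy", "no frame-ancestors directive"))
    return findings


def fetch_headers(url):
    """Fetch the response headers of a live site (needs network access)."""
    with urllib.request.urlopen(url, timeout=10) as response:
        return dict(response.headers.items())


def report(label, headers):
    """Print the audit result for one header set."""
    print(f"== {label}")
    for name in missing_security_headers(headers):
        print(f"  MISSING {name}")
    for name, reason in weak_header_values(headers):
        print(f"  WEAK    {name}: {reason}")
    if not missing_security_headers(headers) and not weak_header_values(headers):
        print("  all recommended headers present")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        report(sys.argv[1], fetch_headers(sys.argv[1]))
    else:
        report("constructed sample: before", BEFORE)
        report("constructed sample: after", AFTER)
```

Running it without arguments reports all six headers missing for the BEFORE sample and a clean result for the AFTER sample; running it against your deployed site tells you whether the staticwebapp.config.json actually took effect, which is the same question the online scanner answers.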


Top comments (2)


Thanks, nice idea ❤