Merge pull request #298066 from halkazwini/afd-headers

JamesJBarnett · web-flow · commit fb7bc4633fde · 2025-04-10T13:41:11.000-07:00
Freshness: Tutorial: Add Security Headers with Rules Engine
diff --git a/articles/frontdoor/front-door-security-headers.md b/articles/frontdoor/front-door-security-headers.md
@@ -1,41 +1,42 @@
 ---
-title: 'Tutorial: Add security headers with Rules Engine - Azure Front Door'
-description: This tutorial teaches you how to configure a security header via Rules Engine on Azure Front Door
+title: 'Tutorial: Add security headers with Rules Engine'
+titleSuffix: Azure Front Door
+description: In this tutorial, you learn how to configure a security header via Rules Engine on Azure Front Door using the Azure portal.
 author: halkazwini
 ms.author: halkazwini
 ms.service: azure-frontdoor
 ms.topic: tutorial
-ms.date: 11/15/2024
+ms.date: 04/10/2025
 
 # Customer intent: As an IT admin, I want to learn about Front Door and how to configure a security header via Rules Engine.
 ---
 
-# Tutorial: Add Security Headers with Rules Engine
+# Tutorial: Add security headers with rules engine
 
 [!INCLUDE [Azure Front Door (classic) retirement notice](../../includes/front-door-classic-retirement.md)]
 
 This tutorial demonstrates how to implement security headers to prevent browser-based vulnerabilities such as HTTP Strict-Transport-Security (HSTS), X-XSS-Protection, Content-Security-Policy, and X-Frame-Options. Security attributes can also be defined with cookies.
 
-The example below shows how to add a Content-Security-Policy header to all incoming requests that match the path defined in the route associated with your Rules Engine configuration. In this scenario, only scripts from the trusted site **https://apiphany.portal.azure-api.net** are allowed to run on the application.
+The example in this tutorial shows how to add a Content-Security-Policy header to all incoming requests that match the path defined in the route associated with your rules engine configuration. In this scenario, only scripts from the trusted site `https://apiphany.portal.azure-api.net` are allowed to run on the application.
 
-In this tutorial, you will learn how to:
+In this tutorial, you learn how to:
 > [!div class="checklist"]
-> - Configure a Content-Security-Policy within Rules Engine.
+> - Configure a Content-Security-Policy within rules engine.
 
 ## Prerequisites
 
 * An Azure subscription.
-* An Azure Front Door. To complete this tutorial, you must have an Azure Front Door configured with Rules Engine. For more information, see [Quickstart: Create an Azure Front Door](quickstart-create-front-door.md) and [Configure your Rules Engine](front-door-tutorial-rules-engine.md).
+* An Azure Front Door. To complete this tutorial, you must have an Azure Front Door configured with rules engine. For more information, see [Create an Azure Front Door](quickstart-create-front-door.md) and [Configure your rules engine](front-door-tutorial-rules-engine.md).
 
 ## Add a Content-Security-Policy header in Azure portal
 
-1. In your Azure Front Door resource, go to **Settings** and select **Rules engine configuration**. Choose the rules engine where you want to add the security header.
+1. In your Azure Front Door resource, select **Rules engine configuration** under **Settings**. Choose the rules engine where you want to add the security header.
 
-2. Click **Add rule** to create a new rule. Name the rule and then select **Add an Action** > **Response Header**.
+2. Select **Add rule** to create a new rule. Name the rule and then select **Add an Action** > **Response Header**.
 
 3. Set the Operator to **Append** to add this header to all incoming requests for this route.
 
-4. Enter the header name: *Content-Security-Policy* and specify the values for this header. In this example, use *`script-src 'self' https://apiphany.portal.azure-api.net`*. Click **Save**.
+4. Enter the header name: *Content-Security-Policy* and specify the values for this header. In this example, use *`script-src 'self' https://apiphany.portal.azure-api.net`*. Select **Save**.
 
     :::image type="content" source="./media/front-door-security-headers/front-door-security-header.png" alt-text="Screenshot showing the added security header.":::
 
@@ -51,11 +52,9 @@ In this tutorial, you will learn how to:
 
 ## Clean up resources
 
-If you no longer need the security header rule configured in the previous steps, you can remove it. To do this, go to the rules engine in your Azure Front Door resource and select **Delete rule**.
+If you no longer need the security header rule configured in the previous steps, you can remove it by selecting **Delete rule** in the rules engine.
 
-## Next steps
-
-To learn how to configure a Web Application Firewall for your Azure Front Door, proceed to the next tutorial.
+## Next step
 
 > [!div class="nextstepaction"]
 > [Web Application Firewall and Azure Front Door](front-door-waf.md)
