Need to configure App Gateway to return required security response headers
Currently, the mandatory HTTP response headers are not returned when a path is not found or JWT header is missing or invalid in a request. Need to return the following mandatory headers from App Gateway: "X-XSS-Protection" "X-Content-Type-Options" "X-Frame-Options" "Cache-Control "Expires" "Strict-Transport-Security"
This feature may be required or custom rules can be added.