I have added customheaders in the web.config of an angular website. enter image description here
But when I go to the website, the added headers are not reflected. Our security team is raising an issue saying the headers X-Content-Type-Options and X-Frame-Options are not present in the response. enter image description here
I have gone through many topics related to this and all of them advise to use the configuration in web.config. Our application is hosted in Kubernetes cluster if that helps.
One problem we have seen is that our responses receive the "Server" header, even though we have removed the same in the web.config. We were told that it is because the istio server adds this header. Is it possible that the headers are not being returned due to some configuration in the istio server?
Am I understanding the headers wrong? Any help will be greatly appreciated.