Azure CDN endpoint https://programmable-proxy.azureedge.net is using these functions as the origin.
programmable-proxy proxies a REST API specified by the s query. Any sensitive information that you don't want to expose to a client-side should be added by Azure CDN rules engine.
If REST API expects sensitive information to be included in the query, you can specify it from the Azure CDN rules engine using the pp-additional-query header.
If REST API expects a bearer token to be included in the authorization header, you can specify it from the Azure CDN rules engine using the pp-authorization-bearer header.
Configure Azure CDN rules engine:
Request without sensitive information: https://programmable-proxy.azureedge.net/?s=https://my.private.api.com/?someParam=1
➜ Proxied URL: https://my.private.api.com/?someParam=1&token=ABC123