Adding securityheaders

Question

Hello,&nbsp;
I have a situation where there is many websites behind one virtual server and I would need to enable securityheaders.io recommended headers to responses. &nbsp;
Is there any ways to apply header only to one host which is behind the vip. HSTS would propably break something if applied to the VIP from etc. http profile?&nbsp;
And other question is about doing this in the webserver? Is there any reason those headers can't be added in IIS if f5 is doing ssl offloading or briding. Both offloading and bridging are used in same vip through policies. &nbsp;
Any help is much appreciated!&nbsp;
BR &nbsp;
Teemu&nbsp;

lee_sutcliffe · Answer

This can easily be done per server IP on an HTTP response. 
For example:
when HTTP_RESPONSE {
    if {[IP:addr [IP:server_addr] equals 10.10.10.10]} {
    HTTP::header insert header-name header-value
     }
}

stan_piron · Answer

Hi,&nbsp;
Jason Rahm shared in codeshare section a ready to use irule about security headers insertion in HTTP responses:&nbsp;
https://devcentral.f5.com/codeshare/security-headers-insertion&nbsp;

Forum Discussion

Adding securityheaders

2 Replies

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Related Content

Yubikey Authentication Modes and Azure AD integration via the APM

SecurityHeaders

Multiple AD Authentication

adding pool members in cli

BIG‑IQ: Adding rSeries/Velos Devices through the REST API

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS