Configure Public Key Pinning (HPKP) header in LTM 11.6

Question

Has anyone configured the HTTP Public-Key-Pins response header (rfc 7469) in LTM 11.6?&nbsp;

chris_grant · Answer

This is not something that is natively supported in 11.6.0, though there is a tracking ID to add it to a future release. You can open a support case and ask to have your case linked against ID 517825. This functionality won't likely find it's way backwards to 11.6.0, though.

awilhelm · Answer

You can insert headers in responses by calling HTTP::header insert in the HTTP_RESPONSE event in an iRule. See the HTTP::header documentation for more info: https://devcentral.f5.com/wiki/iRules.HTTP__header.ashx
Due to the nature of the information required in RFC 7469, you would unfortunately need to prepare a static header to be inserted and update it as needed when certificates potentially change.

bamchenry · Answer

A bit more detail on how to insert HPKP headers:
https://devcentral.f5.com/s/articles/20-lines-or-less-security-headers-18367

Forum Discussion

Configure Public Key Pinning (HPKP) header in LTM 11.6

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Syslog server not visible in GUI

Same LTM Monitor applied to different Pools with Common Nodes

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

OWA File Upload URIs for WAF Bypass

Related Content

Enriching AFM with public domain Threat Intelligence

F5 High Availability - Public Cloud Guidance

Public Cloud Simplified with F5 NGINXaaS for Azure

SSLO in public cloud: Azure inbound L3 use case

Public IP address display

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS