Forum Discussion

Altostratus

May 05, 2015

CSRF protection if HTTP response is compressed

Hi, we plan to enable CSRF protection on the F5. As per the below solution, under the requirements it states that the response should NOT be compressed. - https://support.f5.com/kb/en-us/solutions/p...

Historic F5 Account

May 06, 2015

It's server-side response.

The solution says that: ASM modifies the response in order to insert the CSRF javascript, and it only does it for responses that contain tag

html

, and which are uncompressed.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

CIS

container ingress services

devops

Gateway Fabric

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

CSRF protection if HTTP response is compressed

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Use F5 APM as Forward Proxy

Forward proxy with SSL passthrough - SWG license required?

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

Related Content

Runtime API Security: From Visibility to Enforced Protection

L7 DoS Protection with NGINX App Protect DoS

Cookie-based DDoS protection

F5 API Security: Discovery and Protection

Protecting gRPC based APIs with NGINX App Protect

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS