Forum Discussion

Nimbostratus

Nov 07, 2014

HSTS - Header not inserted with iRule

Hi, Following is my iRule which is attached to $mydomain$ (http) VirtualServer in F5 for HSTS, but it is not inserting the "Strict-Transport-Security" header in the http response. When I run "cu...

Colin_Stubbs

Altostratus

Dec 01, 2015

This can also be caused by Web Acceleration or manual use of iRule CACHE commands.

e.g. HTTP_RESPONSE will not fire on anything pulled from cache.

You can use CACHE_RESPONSE instead. I now use two rules and attach as appropriate.

when HTTP_RESPONSE {
    HTTP::header replace Strict-Transport-Security "max-age=31536000; includeSubDomains"
}

And,

when CACHE_RESPONSE {
    CACHE::header replace Strict-Transport-Security "max-age=31536000; includeSubDomains"
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

HSTS - Header not inserted with iRule

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Share what you learned on DevCentral in 2025

Failing over Virtual F5 VE to DR location using Zerto

Unblock Request WAF

TLS handshake failure from BIG-IP to backend – Fatal Alert: Decode Error (Server SSL)

Failing over of a Virtual F5 configuration to another location using Zerto restore process

Related Content

Strict header Insertion

Security Headers Insertion

iRule header insert

iRule Header Insert

X Forwarded For Single Header Insert

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS