Forum Discussion

Cirrostratus

Jan 04, 2016

HSTS and APM (ssllabs)

hi trying to achieve a grade a+ with ssllabs for my VS that have an Access Policy bound. I'm running v12 and use the HSTS setting in the HTTP profile. Testing my website with SSLLabs, ...

BIG-IP Access Policy Manager (APM)

hsts

security

amolari

Cirrostratus

Feb 01, 2016

After upgrading to 12.0 HF-1 and using the above iRule, we had no issue with /my.policy (with and without On-demand cert auth).

Got from F5 support the existing BUGID 565554, which is about

not needing the workaround irule anymore (ID is mentioned in the irule above)

++ additionally:

missing HSTS header randomly seen (when serving APM objects)

Alex

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

HSTS and APM (ssllabs)

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

External Data Group Import Failing.

F5 breaking Exchange authentication

Can F5 restrict the file types transferred via FTP?

Dump all host running services during APM logon

NGINX event logs send to F5 Data Collection Device and analysis from BIG-IQ it possible or not?

Related Content

HSTS is not working.

SSL Ciphers (SSLLabs) Warning

to HSTS or not to HSTS

TMOS HSTS

Enforcing HSTS (HTTP Strict Transport Security) in LineRate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS