Forum Discussion
HSTS domain
not really an F5 question, but i do use an iRule to insert the header :)
does anyone has actual experience with HSTS* and on what level it is active? i read everywhere about the HSTS domain, so i expected that if i insert the header on a server called name.domain.ext it would be active for domain.ext. but when testing this on chrome it seems to make it active for name.domain.ext only. is this expected behavior?
*) http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
based on some testing (Chrome 35, FireFox 28 / 30) i determined it is set on a host basis, not domain. so when i set the header for host1.domain.ext, then it is active for host1.domain.ext only. not for domain.ext and host2.domain.ext.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com