Forum Discussion

Cirrostratus

Nov 13, 2017

HSTS for Custom Response page

Hi, I have HSTS enabled on a number of sites via an iRule(I have also tried on the http profile) however I have noticed that when the custom response page is tried in ASM the page does not have the H...

Cirrostratus

Mar 09, 2018

i have the same issue with (Strict-Transport-Security Content-Security-Policy X-Frame-Options X-XSS-Protection X-Content-Type-Options Referrer-Policy )

i added the header response section but not worked :(

when HTTP_RESPONSE {

if { !([ HTTP::header exists "X-XSS-Protection" ])}{HTTP::header insert "X-XSS-Protection" "1; mode=block"}

if { !([ HTTP::header exists "X-Frame-Options" ])} { HTTP::header insert "X-Frame-Options" "SAMEORIGIN" }

if { !([ HTTP::header exists "Strict-Transport-Security" ])} { HTTP::header insert "Strict-Transport-Security" "max-age=16070400" }

if { !([ HTTP::header exists "X-Content-Type-Options" ])} { HTTP::header insert "X-Content-Type-Options" "'nosniff'" }

if { !([ HTTP::header exists "content-security-policy " ])} { HTTP::header insert "content-security-policy" "" } }

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

HSTS for Custom Response page

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

custom response page for api

Introduction of Incident Response

iRule Interference: Custom Closes and Responses

Customize your attack response page with F5 Essential App Protect Service

to HSTS or not to HSTS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS