Forum Discussion

Nimbostratus

Apr 03, 2018

HSTS header in policy is NOT sent when redirecting

We are inserting an HSTS header using a policy (v 12). When a request comes into our virtual server, if the URI is just /, we have an iRule that will redirect the browser to a specific application. F...

application delivery

iRules

Abdessamad1

Cirrostratus

Apr 06, 2018

Dear,

Concerning the processing order, you should note that the iRules are evaluated after the LTM policies: https://support.f5.com/csp/article/K16590

But the event order is also important, iRule based redirect will cause any response based action not to be fired.

So if you're relying a lot more on the LTM policies, I suggest that you perform your redirects via policies as well, and include there the hsts header.

Regards.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

HSTS header in policy is NOT sent when redirecting

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

(HTTP) Redirection via Arbitrary Host Header

iRule to modify a content-security-policy header

F5 HTTPS Redirect 2025

F5 Distributed Cloud - Service Policy - Header Matching Logic & Processing

Insert header for APM policy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS