HSTS

Hello Dear

when I Checked with curl and inspect Element firefox show hsts but when use ssl lab and burp suite for check does not display hsts.

For me, everything seems to be working perfectly from F5 perspective.

If you are receiving an MITM ERROR MESSAGE when you use Burp is totally normal, because Burp is The Man In The Middle and maybe it is trying to downgrade you communication to HTTP.

The problem is your scenario, not the HSTS solution.

Check this ->

https://www.youtube.com/watch?v=NFZh7FjNNBo

https://support.portswigger.net/customer/portal/articles/1783075-installing-burp-s-ca-certificate-in-your-browser

Hello Dear

i have watched links and test again but hsts does not apply to my web site ,in the attached photo ,the difference between the site and google site was shown in the hsts.

What do you mean with "hsts does not apply to my web site"?

Actually as we saw before, HSTS is working normally and your F5 solution is OK.

Your problem it's only in your Burp/Browser connection. Because Burp maybe removes the HSTS strip. So, I recommend you to search on internet (google) trying to find a solution.

For example, I have just done it now and I found this ->

https://support.portswigger.net/customer/portal/questions/16358057-not-supporting-hsts

Taking into account that this is not a F5 related issue, that's all help I can share with you.

BTW, I would appreciate if you score my answer to compensate my time and effort :-).

KR,

Dario.