Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

puluck's avatar
puluck
Icon for Cirrus rankCirrus
Jan 03, 2018

HTTP Header not detected

Hello All,

 

We have got vulnerability " HTTP header not detected " for few of our F5 webtop URL .Do we know how we can fix this .? Do we have irule which can be applied to fix this ?

 

These URL hosted on f5 APM

 

Thanks

 

2 Replies

  • Jad_Tabbara__J1's avatar
    Jad_Tabbara__J1
    Icon for Cirrostratus rankCirrostratus
    Jan 04, 2018

    Hello Puluck,

     

    How did you detect this vulnerability ? If using a known vulnerability scanner such as Qualys or other, could you add the description given by the editor for this vulnerability...

     

    Indeed it will help us to give you the best manner to treat this.

     

    APM has by default security options such as the "Secure" & "HTTP Only" flags for cookie headers.

     

    Once we know why the scanner is raising this vulnerability we can add more security headers to enforce your webtop.

     

    Regards

     

  • Ashwin_Venkat's avatar
    Ashwin_Venkat
    Icon for Employee rankEmployee
    Jan 05, 2018

    This sounds like it's coming from Qualys and it's complaining about certain HTTP headers like X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, CSP etc headers being missing from the HTTP response. You can add them all via an iRule to tighten the security headers and it's covered in great detail here:

    Part 1: https://devcentral.f5.com/articles/tightening-the-security-of-http-traffic-part-1-27511
Part 2: https://devcentral.f5.com/articles/tightening-the-security-of-http-traffic-part-2-27512
Part 3: https://devcentral.f5.com/articles/tightening-the-security-of-http-traffic-part-3-27702