Forum Discussion

Nimbostratus

Nov 19, 2014

http_only iRule no longer needed?

We have recently upgraded from a pair of 6400's running 10.2.0 to a pair of 5000s' running 11.4.0 running LTM and ASM. I had thought that at some point in between there that the http_only cookie ...

Nacreous

Nov 20, 2014

Hi,

if you use ASM security policy you can add http_only attribute by:

Security  ››  Application Security : Headers : Cookies List  ››  Edit Cookie

and set

Insert HttpOnly attribute

. But be aware that the Application Security will not check the enforcement of this attribute

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

http_only iRule no longer needed?

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Cisco TACACS+ Config on ISE LTM Pair

Related Content

Security Sidebar: Is Tor No Longer Safe?

Need to create irule

Need help with irule

F5 Certifications Mega Meta Series: The art of knowing what you need to know

BIG-IP Meets DoD’s Needs for Next Level Logging Capabilities

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS