HTTP Protocol Compliance Failed: Header name with no header value

If you know exactly what circumstances you will see a blank value for that header, you might be able to utilize that logic to use a different ASM policy when you expect a blank value. Local Traffic Policies give you some level of logic control without using iRules and if the logic is applicable, you could create a separate policy where that violation was disabled, enable that ASM policy using the traffic policy logic and use your main policy at other times. This would have less impact than iRules.

Basically the idea would be to use traffic policies to determine which ASM policy to use. One policy would have that violation enabled and another would have it disabled. The local traffic policy would then enable the appropriate policy.

This is all dependent upon the ability to determine under what conditions that header would show up as blank - certain urls, certain cookies, etc.