Forum Discussion

Nimbostratus

Nov 29, 2017

HTTP Security Headers - LTM Policies

Hi folks, I'm trying to create some LTM Policies for the following: •X-XSS-Protection •X-Content-Type-Options •Content-Security-Policy •Strict-Transport-Security I already have the following wo...

Nimbostratus

Mar 19, 2019

Question: We're running 13.1. What if we have an Existing Policy...is this something that can be added to the existing? (I didn't see where.) ....or would we create a second policy and apply (merge?) both policies? (If that is even possible.)

crodriguez

Ret. Employee

Mar 19, 2019

You can have multiple local traffic policies on a single virtual server. There's no need to worry about order (as is sometimes the case with multiple iRules) due to the way the policies are "compiled" by the policy engine. You may be able to add the new rules to an existing policy but that depends entirely on what the existing policy does. I tend to favor keeping functionality separate and distinct, but that's just me.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

HTTP Security Headers - LTM Policies

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

HA Failover between two Datacenters

LTM issue Openning new web browser tab

F5 asm/awaf

Cannot ping external interface

AST Configuration Assistance

Related Content

iRule to modify a content-security-policy header

Quarterly Security Notification October 2025

Minimizing Security Complexity: Managing Distributed WAF Policies

Auditing Security Policy Updates

Security Headers Insertion

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS