Forum Discussion

Nimbostratus

Nov 29, 2017

HTTP Security Headers - LTM Policies

Hi folks, I'm trying to create some LTM Policies for the following: •X-XSS-Protection •X-Content-Type-Options •Content-Security-Policy •Strict-Transport-Security I already have the following wo...

Nimbostratus

Jul 30, 2019

We wish to do this as well. In our example we wish to allow from multiple domains such as:

A.com

B.com

C.com

Are these comma separate values? Semi-colon separated values? spaces inbetween or not? After implementing the change (no errors in web-ui), and generating test traffic, the x-frame-options header was NOT present in the response and we're not sure why.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

HTTP Security Headers - LTM Policies

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

Adaptive Apps: Replicate & deploy WAF application security policies across F5's security portfolio

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers

Virtual server security policy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS