Forum Discussion
HTTP Strict transport
- Oct 12, 2022
Hi suthomas,
If you enable the HSTS header on your F5 BIG-IP, you will face the problem of double Strict-Transport-Security headers.
If multiple Strict-Transport-Security headers are set with different settings (e.g. different max-age values), the UA processes only the first (https://www.rfc-editor.org/rfc/rfc6797#section-8.1).
Regards
Agreeing with Lidev. So long as one object in the chain (host server or BIG-IP) is setting the HSTS headers you are fine.
As a rule of thumb, in my org we do not set these values in the BIG-IP. That allows more control from the host/application side. However, your mileage may vary.
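To check a response for the double-header situation discussed in this thread, here is an added example (not part of either post, and not F5 code) that applies the RFC 6797 section 8.1 rule to a header list. The function names `parse_hsts` and `audit_hsts` and the sample headers are assumptions made up for the illustration.

```python
def parse_hsts(value):
    """Parse one Strict-Transport-Security value (RFC 6797 section 6.1)."""
    policy = {"max_age": None, "include_subdomains": False}
    seen = set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if not name:
            continue
        if name in seen:
            raise ValueError(f"directive repeated: {name}")
        seen.add(name)
        if name == "max-age":
            if not (arg.isascii() and arg.isdigit()):
                raise ValueError(f"bad max-age: {arg!r}")
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        # unrecognized directives are ignored
    if policy["max_age"] is None:
        raise ValueError("max-age is required")
    return policy


def audit_hsts(headers):
    """headers: (name, value) pairs in wire order, duplicates not merged."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return {"count": 0, "effective": None, "conflict": False}
    effective = parse_hsts(values[0])  # RFC 6797 section 8.1: first header only
    conflict = False
    for later in values[1:]:
        try:
            conflict |= parse_hsts(later) != effective
        except ValueError:
            conflict = True  # a malformed duplicate is also worth flagging
    return {"count": len(values), "effective": effective, "conflict": conflict}


# Constructed sample: two components in the chain each add their own header.
SAMPLE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=300"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

if __name__ == "__main__":
    print(audit_hsts(SAMPLE))
```

Feed it the raw header list from a client that does not merge duplicates, for example `http.client`'s `HTTPResponse.getheaders()`; in the constructed sample the 300-second policy wins and the longer one is never applied.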