Forum Discussion

Nimbostratus

Jan 31, 2019

HTTPOnly and Secure flags - Secure Logon

Hi everybody, I am not an expert on F5 and trying to get more knowledge. I would like to add few Security atttibutes, in the HTTP Header. I know that we can use the iRule and write something, bu...

Noctilucent

Jan 31, 2019

Cookie and path can be secured. Have you check any cookie value is setup i.e.

BIGIPCKIE

Below iRule can help to solve issue.

    when HTTP_RESPONSE {
    foreach x [HTTP::cookie names] {
    if { $x equals "BIGIPCKIE" } {
        continue
    }
    set ckname $x
    set ckvalue [HTTP::cookie value $x] 
    set ckpath [HTTP::cookie $x path]
    HTTP::cookie remove $x
    HTTP::cookie insert name $ckname value $ckvalue path $ckpath version 1
    HTTP::cookie secure $ckname enable
    HTTP::cookie httponly $ckname enable
    }
}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

HTTPOnly and Secure flags - Secure Logon

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

ASM/AWAF declarative policy

Changes to DO and AS3 GitHub - no longer monitored

Help with SSH Virtual Server

GRE Tunnel Issue

Help with an iRule to disconnect active connections to Pool Members that are "offline"

Related Content

Quarterly Security Notification October 2025

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

Deploying the F5 AI Security Certified OpenShift Operator: A Validated Playbook

BIG-IP security hardening and compliance checks

What is Shape Security?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS