Forum Discussion

Altostratus

Dec 15, 2017

iRule to exclude specific URI from http header insert (x-frame-options) on http_response

Attempting to exclude two URI from a http header insert on a HTTP_RESPONSE. Basically if the URI contains "/wp-login.php" or "/wp-admin" i do not want this header applied on the response. I was pre...

Employee

Dec 17, 2017

Lots of good answers above.

Just to explain the logic of the required structure reflected in the above irules ...

HTTP::uri is not valid in HTTP_RESPONSE

Valid Events:
ASM_REQUEST_DONE, CACHE_REQUEST, CACHE_RESPONSE, HTTP_CLASS_FAILED, HTTP_CLASS_SELECTED,
HTTP_PROXY_REQUEST, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, 
REWRITE_REQUEST_DONE, SERVER_CONNECTED

So you need to set a flag in HTTP_REQUEST that controls the HTTP_RESPONSE action. I hope this helps.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule to exclude specific URI from http header insert (x-frame-options) on http_response

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Removing x-frame-options header from response when using APM

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Set x-frames-options header values depending on URI

APM-Specific Features for Securing Your Website

Configuring X-Frame-Options Allow-From

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS