Response Headers Allowed

Question

Hi All,&nbsp;
I am studying F5 Ltm and want to know, What is the use of "Response Headers Allowed"option in HTTP profile?&nbsp;
Rgds
Mukul&nbsp;

kevin_stewart · Answer

It is a literal filter on the header names that are allowed to pass to the client in the HTTP response. Some headers, particularly those that affect functionality of an application like Set-Cookie and Content-Type, are not blocked by this HTTP profile option. Others, like Server and Date, can be blocked. It's also a whitelist option if a value is specified. If the field is left blank, all headers are allowed through. If header names are specified, ONLY those headers will pass (barring the functional headers). The text block takes multiple header names, space delimited.

anthony_cheng_1 · Answer

It can be useful in troubleshooting where you need to do a HTTP trace and wanted to see only specific headers, e.g. You setup a test HTTP Profile with specific option for "Response Headers Allowed".

Forum Discussion

Response Headers Allowed

2 Replies

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Single LTM with multiple GTM domains

Question about adding VEs to existing physical appliance device group without ASM licenses

2026 301a exam

How can I measure Advanced WAF (ASM) throughput on a running BIG-IP VE (per VIP / per policy)?

What is the best practice for migrating from iseries to rseries?

Related Content

Adding CORS response headers

Remove X- Headers From Web Server Response

Introduction of Incident Response

Inserting a http header on the response to the client

F5 NGINX API Gateway: Simplify Response Manipulation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS