Security headers

Question

what are the security headers that sould be added in all websites? is there any irule to add all needed headers?

paulius · Accepted Answer

THE_BLUE The following article is something I found with best practices for security headers and based on what I can tell you can create an iRule or use a virtual server setting accomodate them all. I don't know of a standard iRule for each use case but I would imagine search DevCentral (this forum) for the respective header will provide you several articles where someone has solved this issue.
https://www.globaldots.com/resources/blog/the-8-http-security-headers-best-practices/
The following is an example of a search that can be performed on a topic in the URL provided above.
https://community.f5.com/t5/forums/searchpage/tab/message?advanced=false&amp;allow_punctuation=false&amp;q=Cross%20Site%20Scripting%20Protection

Forum Discussion

Security headers

2 Replies

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

IPv8 Would Fix My Routing Tables. It Will Never Ship.

Recent Discussions

Errors with AS3 3.56.0 with F5 17.5.1.6

f5 r5600 appliance issue with adding trunk to vlan

SSL Forward Proxy, iRules and Client Hello

F5 ASM/AWAF – violations logged but no learning suggestions generated

F5 VELOS Backplane Inter-Tenants Communication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS