Security headers

THE_BLUE The following article is something I found with best practices for security headers and based on what I can tell you can create an iRule or use a virtual server setting accomodate them all. I don't know of a standard iRule for each use case but I would imagine search DevCentral (this forum) for the respective header will provide you several articles where someone has solved this issue.

https://www.globaldots.com/resources/blog/the-8-http-security-headers-best-practices/

The following is an example of a search that can be performed on a topic in the URL provided above.

https://community.f5.com/t5/forums/searchpage/tab/message?advanced=false&allow_punctuation=false&q=Cross%20Site%20Scripting%20Protection

Hi THE_BLUE , 

Please have a look in the following Articles : 

https://my.f5.com/manage/s/article/K57207881

https://community.f5.com/t5/codeshare/adding-security-http-headers-with-an-irule-for-hsts-xss/ta-p/278818

In addetion to using Cookies and http only features.