Forum Discussion
Kai_Wilke
Oct 24, 2017MVP
Hi ReynaldoQ,
you may take a look to K11324 [click me]. The solution article explains how to set the secure flag on response cookies and also provides an iRule for this task.
In addition to this you may want to adopt Strict Transport Security / HSTS on your HTTP Profile. Enabling HSTS will make sure that your clients will always connect to your site via HTTPS. When using HSTS the "secure" cookie flag could be considered as obsolete...
HTTP Profile Settings: See "Strict Transport Security" Section
https://support.f5.com/csp/article/K40243113
Cheers, Kai