Forum Discussion

Jim_Mathers_131

Nimbostratus

Jul 09, 2018

Simplest way to insert "Strict-Transport-Security: max-age=63072000" for all HTTP responses

Hey folks, what is the easiest way to insert that header on an HTTPS vip where we are offloading SSL? Thanks, Jim

application delivery

LTM

crodriguez

Ret. Employee

Jul 09, 2018

How about something like below? This solution checks to make sure the server is not already sending one before inserting the default.

when HTTP_RESPONSE {
     If server has not sent an HSTS header, BIG-IP will
    if { !([HTTP::header exists "Strict-Transport-Security"]) } {
        HTTP::header insert "Strict-Transport-Security" "max-age=63072000"
    }
}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Simplest way to insert "Strict-Transport-Security: max-age=63072000" for all HTTP responses

Tyler - May 2026 Featured Member

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Recent Discussions

F5 Send email and snmp trap from LTM log event

shame on f5

Dynamic import of data groups

ASM allow specific url from outside country of geolocation ON

AWAF Detection Inconsistency Between Similar Test Payloads

Related Content

Introduction of Incident Response

F5 NGINX API Gateway: Simplify Response Manipulation

Logging F5 response via Logging profile

custom response page for api

Operationlizing Online Fraud Detection, Prevention, and Response

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS