Strict-Transport-Security (HSTS) header throws Operation not supported errors

Hi,

The HSTS irule must be applied to HTTPS VS and not HTTP.

to be sure this irule is executed before other, you can add priority to this irule event and disable event if Policy action is redirect.

when HTTP_RESPONSE priority 1 {
if {[POLICY::targets http-reply] } {
    log local0. "LTM Policy action contains redirect. Disabling event"
    event disable
    return
}
 set strictTransportSecurityHeader "Strict-Transport-Security"
 if { [HTTP::header exists $strictTransportSecurityHeader] } { 
      HTTP::header remove $strictTransportSecurityHeader
 }
HTTP::header insert $strictTransportSecurityHeader "max-age=31536000; includeSubDomains"
}