Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Security headers

Go to solution
THE_BLUE
Cirrostratus
Cirrostratus

‎28-May-2023 01:30

what are the security headers that sould be added in all websites? is there any irule to add all needed headers?

Labels:
0 Kudos
2 ACCEPTED SOLUTIONS

Go to solution
Paulius
MVP
MVP

‎28-May-2023 08:20

@THE_BLUE The following article is something I found with best practices for security headers and based on what I can tell you can create an iRule or use a virtual server setting accomodate them all. I don't know of a standard iRule for each use case but I would imagine search DevCentral (this forum) for the respective header will provide you several articles where someone has solved this issue.

https://www.globaldots.com/resources/blog/the-8-http-security-headers-best-practices/

The following is an example of a search that can be performed on a topic in the URL provided above.

https://community.f5.com/t5/forums/searchpage/tab/message?advanced=false&allow_punctuation=false&q=C...

View solution in original post

0 Kudos

Go to solution
Mohamed_Ahmed_Kansoh
MVP
MVP

‎29-May-2023 01:57

Hi @THE_BLUE , 

Please have a look in the following Articles : 

https://my.f5.com/manage/s/article/K57207881

https://community.f5.com/t5/codeshare/adding-security-http-headers-with-an-irule-for-hsts-xss/ta-p/2...

In addetion to using Cookies and http only features. 

_______________________
Regards
Mohamed Kansoh

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
Paulius
MVP
MVP

‎28-May-2023 08:20

@THE_BLUE The following article is something I found with best practices for security headers and based on what I can tell you can create an iRule or use a virtual server setting accomodate them all. I don't know of a standard iRule for each use case but I would imagine search DevCentral (this forum) for the respective header will provide you several articles where someone has solved this issue.

https://www.globaldots.com/resources/blog/the-8-http-security-headers-best-practices/

The following is an example of a search that can be performed on a topic in the URL provided above.

https://community.f5.com/t5/forums/searchpage/tab/message?advanced=false&allow_punctuation=false&q=C...

0 Kudos

Go to solution
Mohamed_Ahmed_Kansoh
MVP
MVP

‎29-May-2023 01:57

Hi @THE_BLUE , 

Please have a look in the following Articles : 

https://my.f5.com/manage/s/article/K57207881

https://community.f5.com/t5/codeshare/adding-security-http-headers-with-an-irule-for-hsts-xss/ta-p/2...

In addetion to using Cookies and http only features. 

_______________________
Regards
Mohamed Kansoh
0 Kudos
Copyright © 2023 Khoros, LLC