suthomas1
Oct 11, 2022Cirrostratus
Solved
HTTP Strict transport
Good day all, If the actual VM/application server has hsts enabled, is it then required to still turn on hsts in Big-IP profile? Reason for asking is we have an application that indicates its got H...
- Oct 12, 2022
Hi suthomas,
if you enable HTS header on your F5 BIG-IP, you will face the problem of the double Strict-Transport-Security headers.
If multiple Strict-Transport-Security headers are set with different settings (e.g. different max-age values), the UA process only the first (https://www.rfc-editor.org/rfc/rfc6797#section-8.1)Regards