Bug ID 737355: HTTP Strict-Transport-Security (HSTS) headers not being added to all APM generated files

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
13.1.0, 13.1.1, 14.0.0, 14.0.1

Fixed In:

Opened: Jul 18, 2018

Severity: 3-Major


HTTP Strict-Transport-Security (HSTS) headers are missing for some APM-generated files.


Without these headers, the user agent (browser) may switch to non-secure communication.


This occurs when the following conditions are met:
-- HTTP profile is configured with HSTS enabled.
-- HTTP GET requests for APM renderer files, including CSS, JS, and image files from the webtop.



Fix Information

When the HTTP profile is configured with HSTS enabled, all APM renderer files are now sent with HSTS headers.
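
One way to check for the symptom described above, as an added example that is not F5 code: a Python audit that flags captured responses with no effective Strict-Transport-Security header. The paths and header values in SAMPLE are constructed placeholders, and the parsing rules assumed are those of RFC 6797.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()
        if name in directives:  # a directive must not appear more than once
            return None
        directives[name] = val.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", max_age):  # max-age is required
        return None
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}

def audit(responses):
    """Return (path, reason) for each response lacking an effective HSTS policy."""
    findings = []
    for path, headers in responses:
        values = [v for k, v in headers if k.lower() == "strict-transport-security"]
        if not values:
            findings.append((path, "missing"))
            continue
        policy = parse_hsts(values[0])  # user agents process only the first field
        if policy is None:
            findings.append((path, "invalid"))
        elif policy["max_age"] == 0:
            findings.append((path, "max-age=0 clears policy"))
    return findings

# Constructed sample: (path, header list) pairs as captured over HTTPS.
SAMPLE = [
    ("/page.example.html", [("Content-Type", "text/html"),
        ("Strict-Transport-Security", "max-age=16070400; includeSubDomains")]),
    ("/style.example.css", [("Content-Type", "text/css")]),
    ("/app.example.js", [("Content-Type", "application/javascript"),
        ("strict-transport-security", "includeSubDomains")]),
    ("/logo.example.png", [("Content-Type", "image/png"),
        ("Strict-Transport-Security", "max-age=0")]),
]

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print(f"{path}: {reason}")
```

Feed it the headers recorded for every CSS, JS and image request from the webtop, not only the HTML pages, since those static files are where the header was absent.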

Behavior Change
