Bug ID 793149: Adding the Strict-transport-Policy header to internal responses

Last Modified: Jul 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 13.1.0,,,,,,,,, 13.1.1,,,,,, 14.1.0,,,,,,, 15.0.0

Opened: Jun 13, 2019
Severity: 3-Major


Some applications requires the Strict-transport-Policy header to appear in all responses. BIG-IP internal responses do not add this header.


Responses arrives to the browser without the Strict-transport-Policy header.


- ASM is provisioned with CAPTCHA/CSI challenge enabled or - DoS is provisioned with CAPTCHA/CSI enabled or - Bot Defense is provisioned with CAPTCHA mitigation/Browser JS verification/Device ID collection is enabled.


Create an iRule to add the header to the response.

Fix Information


Behavior Change