Forum Discussion
IheartF5_45022
Oct 07, 2015Nacreous
Is there anything in the response flow AFTER the F5 and the HTTP_RESPONSE event that could remove the header? Does the iBank virtual server have an http profile that specifies 'Response Headers Allowed', as if so it would be removing the STS header after you insert it (unless you update the profile to include Strict-Transport-Security).
So you'll just need to debug why it's not appearing at all for iBank. Ad the following statement immediately after the header insertion in HTTP_RESPONSE;-
log local0. "STS:'[HTTP::header Strict-Transport-Security]'"
You can look at the log entries in /var/log/ltm.