Forum Discussion
Kai_Wilke
Feb 06, 2017MVP
Hi Ruggerfly,
the provided iRule looks good.
You can test your HSTS setup, by accessing the web site as usual. Then close the browser and try to access the page again via plain-text HTTP. The client should immediately switch to HTTPS without sending a single HTTP request over the wire (can be verified via TCPDUMP, Fiddler2, HTTPWatch, etc. request captures).
Note: You may also compare the issued HSTS header and the SSL-Labs results of https://devcentral.f5.com with your results. F5 has deployed very strict SSL settings with HSTS support.
Cheers, Kai