HTTP Load Balancer: | F5 Distributed Cloud Ideas and Feature Requests

API Docs Knowledge Base Training

HTTP Load Balancer: HSTS response header is missing includeSubdomains

Best practices are to include the includeSubdomains directive in HSTS header. When HSTS is enabled on an HTTP load balancers, includeSubDomains is missing from Strict-Transport-Security response header.

Reference links:
https://datatracker.ietf.org/doc/html/rfc6797
https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html

Joseph Cunningham
Jun 24 2025

Mesh / General

Comments (0)
Votes (2)

Attach files

Enter a subject

© 2022 F5, Inc. All rights reserved | Trademarks | Policies | Privacy | California Privacy | Do Not Sell My Personal Information