BugZero | F5 BugID 737355 - HTTP Strict-Transport-Security (HSTS) headers not ...

F5 - Defect ID: 737355

HTTP Strict-Transport-Security (HSTS) headers not being added to all APM generated files

F5 - Defect ID: 737355

HTTP Strict-Transport-Security (HSTS) headers not being added to all APM generated files

Last updated on May 29th, 2024

BugZero Risk Score
7.5 High

Overall: 7.5

Severity: 7.3

Community: 4.1

Lifecycle: 7.9

What is the BugZero Risk Score?

F5 Integration

Learn more about where this data comes from

F5 Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: 3-Major
Status: Verified
Impact Category: Access Policy Manager

Description

Symptoms

HTTP Strict-Transport-Security (HSTS) headers are missing for some APM-generated files.

Impact

Without these headers, the user agent (browser) may switch to non-secure communication.

Conditions

This occurs when the following conditions are met: -- HTTP profile is configured with HSTS enabled. -- HTTP GET requests for APM renderer files, including CSS, JS, and image files from the webtop.

Workaround

None.

Fix Information

When the HTTP profile is configured with HSTS enabled, all APM renderer files are now sent with HSTS headers.

Change history

2025-03-22 Added: 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1

Top F5 Defects by Risk Score

No bugs this month

F5 Integration

Learn more about where this data comes from

F5 Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

F5 - Defect ID: 737355

HTTP Strict-Transport-Security (HSTS) headers not being added to all APM generated files

F5 - Defect ID: 737355

HTTP Strict-Transport-Security (HSTS) headers not being added to all APM generated files

Last updated on May 29th, 2024

BugZero Risk Score
7.5 High

Bug Details

Symptoms

Impact

Conditions

Workaround

Fix Information

Links

Top F5 Defects by Risk Score

Ready to prevent the next vendor outage?

OPERATIONAL DEFECT DATABASE

F5 - Defect ID: 737355

HTTP Strict-Transport-Security (HSTS) headers not being added to all APM generated files

F5 - Defect ID: 737355

HTTP Strict-Transport-Security (HSTS) headers not being added to all APM generated files

Last updated on May 29th, 2024

BugZero Risk Score7.5 High

Bug Details

Symptoms

Impact

Conditions

Workaround

Fix Information

Links

Top F5 Defects by Risk Score

Ready to prevent the next vendor outage?

BugZero Risk Score
7.5 High