AnsweredAssumed Answered

HTTP Strict Transport Security

Question asked by Birger Unell on Oct 28, 2014
Latest reply on Dec 19, 2017 by Richard Braddock



How "HTTP Strict Transport Security" can be used/implement at Akamai ?

It seems it was discussed during last Edge Conference or Akamai University in Miami, unfortunately, I wasn't able to attend.


On F5 BIG-IP, it's implemented in an iRule:

### iRule for HSTS HTTP Virtuals ###   

when HTTP_REQUEST {   

    HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]"   


### iRule for HSTS HTTPS Virtuals ###   

when RULE_INIT {  

     set static::expires [clock scan 20110926]  



  HTTP::header insert Strict-Transport-Security "max-age=[expr {$static::expires - [clock seconds]}]; includeSubDomains"  



In my property Rule, I'm able to setup the http to https redirect and the header modification, but what about the clock scan ?