My Oracle Support Banner

[OCI-C LBaaS] How To Suppress Both "X-Frame-Options" and "Strict-Transport-Security" Headers in Oracle OCI-Classic Load Balancer (Doc ID 2435410.1)

Last updated on FEBRUARY 25, 2019

Applies to:

Oracle Compute Cloud Service - Version N/A to N/A
Information in this document applies to any platform.


With OCI-Classic Load Balancer as a Service (LBaaS), the string "HTTP Strict-Transport-Security" (HSTS) might be seen appended to an HTTP header.  The goal of this document is to explain how to set an LBaaS policy to disable this HSTS response header.


HTTP Strict-Transport-Security (HSTS) is an industry standard, created to prevent man-in-the-middle attacks. See the following 3rd party links for more information on HSTS.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.