Optional features¶
F5 AI Gateway includes a set of optional features which can be enabled using feature flags.
Enable optional features¶
Optional features are enabled using the aigw.featureFlags key specified in the values.yaml file.
See the Features section for valid feature flag values.
Example:
aigw:
  featureFlags:
    - FEATURE_1
    - FEATURE_2
    - FEATURE_3
Features¶
Header propagation¶
Warning
This feature is currently experimental and provided on an “as-is” and “try at your own risk” basis.
It may be unstable, incomplete, or subject to change without notice.
By enabling or using this feature, you acknowledge and accept that:
The feature has not undergone full security review or production-level testing.
The product and its developers make no guarantees regarding the security, reliability, or performance of this feature.
It is strongly recommended that experimental features be tested in non-production environments.
The header propagation feature enables the forwarding of client request and service response headers.
Without header propagation, as is the case when this feature is disabled, any HTTP request headers sent by the client other than X-Request-ID are dropped upon receipt.
Likewise, any HTTP response headers returned by the upstream LLM are dropped before writing the client response.
With the header propagation feature enabled, operators are given fine-grained control over how AI Gateway handles both HTTP request and HTTP response headers.
See the configuration and enforcement sections below to understand how to configure both request and response policies and how those policies are enforced by F5 AI Gateway.
To enable the header propagation feature, add the CUSTOM_HEADERS value to the aigw.featureFlags key specified in the values.yaml.
aigw:
  featureFlags:
    - CUSTOM_HEADERS
Configuration¶
To enable header propagation, start by declaring a new service with the executor custom. The custom executor is an extension of the openai executor, conforming with its usage and chat completions API spec.
The custom executor configuration differs from the standard executor configuration in two ways.
The custom executor does not support the use of secrets. Instead, credentials must either be passed through as request headers or configured in the request policy with a static value. An example is included below.
The custom executor introduces a new configuration parameter, headers, which defines header propagation policies.
Each service declaration may define two named header policies:
request – executed on incoming client request headers.
response – executed on outgoing service response headers.
Each policy is configured with a set of rule parameters:
| Parameter | Description | Type |
|---|---|---|
| allowAll | Allows all headers to pass through. No other options may be specified with this rule, though it’s possible to append additional rules to the policy. | boolean |
| name | Identifies a header as eligible for propagation. | string |
| value | Sets a default value for the named header. Incoming headers may override this if allowOverride is set to true. | string |
| sensitive | Marks a header as sensitive. Sensitive values will be redacted in transaction exports. | boolean |
| required | Marks a header as required. After all rules (such as value) are applied, this header must be present AND have a non-empty value. | boolean |
| allowOverride | Allows an incoming header with the same name to override the configured value. | boolean |
Example Configuration:
services:
  - name: openai
    executor: custom
    type: gpt-4.1
    config:
      endpoint: https://api.openai.com/v1/chat/completions
      headers:
        request:
          # A `name` with no additional options simply allows the header to pass through
          - name: "Account-Id"
          - name: "Authorization"
            required: true
            sensitive: true
          # ANONYMOUS acts as a default value for header key 'User-Id'
          - name: "User-Id"
            value: "ANONYMOUS"
        response:
          - allowAll: true
Enforcement¶
Header propagation rules are enforced as follows:
Any header not listed by name in the policy is dropped.
Headers listed by name are eligible for propagation.
Headers identified by name with a configured value are propagated with that value, unless overridden.
If allowOverride is set to true, the incoming header may override the configured value. Otherwise the incoming header value will be dropped.
Headers marked as required must have a non-empty value, either from the default value or from an incoming header.
Headers marked as sensitive will have their values redacted in transaction exports.
If allowAll is set to true, all incoming headers are eligible for propagation. Additional rules may still be configured to refine behavior.
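The enforcement rules above, modelled in Python and applied to the request policy from the example configuration. This is an added example, not F5 AI Gateway code: the apply_policy function, the [REDACTED] marker and the sample headers are constructed for illustration, and it assumes header names match case-insensitively and that a missing required header is simply reported to the caller.

```python
# Illustrative model of the enforcement rules listed above; not F5 AI Gateway code.
# Assumptions: header names match case-insensitively, and a missing required
# header is reported to the caller (the page does not say how the gateway reacts).
REDACTED = "[REDACTED]"  # marker chosen for this example


def apply_policy(rules, incoming):
    """Return (propagated, export_view, missing_required) for one header policy."""
    incoming = {k.lower(): v for k, v in incoming.items()}
    named = {r["name"].lower(): r for r in rules if "name" in r}
    allow_all = any(r.get("allowAll") for r in rules)

    # allowAll makes every incoming header eligible; otherwise only named ones are.
    propagated = {n: v for n, v in incoming.items() if allow_all or n in named}

    for name, rule in named.items():
        # A configured value replaces the client's value unless allowOverride
        # is true and the client actually sent a non-empty value.
        overridden = rule.get("allowOverride") and incoming.get(name)
        if "value" in rule and not overridden:
            propagated[name] = rule["value"]

    missing = [n for n, r in named.items() if r.get("required") and not propagated.get(n)]
    # What a transaction export would show: sensitive values are replaced.
    export_view = {
        n: REDACTED if named.get(n, {}).get("sensitive") else v
        for n, v in propagated.items()
    }
    return propagated, export_view, missing


# Request policy from the example configuration on this page.
REQUEST_POLICY = [
    {"name": "Account-Id"},
    {"name": "Authorization", "required": True, "sensitive": True},
    {"name": "User-Id", "value": "ANONYMOUS"},
]

# Constructed client request headers.
SAMPLE = {
    "Authorization": "Bearer example-token",
    "User-Id": "alice",
    "X-Forwarded-For": "203.0.113.7",
}

if __name__ == "__main__":
    for result in apply_policy(REQUEST_POLICY, SAMPLE):
        print(result)
```

In this model the client-supplied User-Id is replaced by ANONYMOUS because the rule does not set allowOverride, and X-Forwarded-For is dropped because no rule names it.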
OpenAI Streaming Response¶
Warning
This feature is currently experimental and provided on an “as-is” and “try at your own risk” basis.
It may be unstable, incomplete, or subject to change without notice.
By enabling or using this feature, you acknowledge and accept that:
The feature has not undergone full security review or production-level testing.
The product and its developers make no guarantees regarding the security, reliability, or performance of this feature.
It is strongly recommended that experimental features be tested in non-production environments.
The streaming response feature allows clients to receive partial model outputs in real time as they are generated, rather than waiting for the entire response to complete. This improves responsiveness and enables interactive user experiences. Streaming is supported for the openai and custom executors.
See the OpenAI Chat Completion streaming API reference for details.
To enable the streaming response feature, add the OPENAI_STREAMING value to the aigw.featureFlags key specified in the values.yaml.
aigw:
  featureFlags:
    - OPENAI_STREAMING
Limitations¶
Response streaming is only available when using the openai or custom executors. Other executors do not support this feature.
Streaming cannot be enabled on profiles that use responseStages; these profiles are incompatible with streaming.
Requests that do not meet the above requirements will be rejected and will not be processed.
OpenAI Tool passthrough¶
Warning
This feature is currently experimental and provided on an “as-is” and “try at your own risk” basis.
It may be unstable, incomplete, or subject to change without notice.
By enabling or using this feature, you acknowledge and accept that:
The feature has not undergone full security review or production-level testing.
The product and its developers make no guarantees regarding the security, reliability, or performance of this feature.
It is strongly recommended that experimental features be tested in non-production environments.
The tool call passthrough feature allows clients to leverage OpenAI’s tool calling capabilities by forwarding the tools and tool_choice parameters in Chat Completion requests. This enables integration with external tools or functions, and the response will include a tool_calls object from the upstream service with details about any tool invocations.
See the OpenAI Chat Completion tools API reference for details.
To enable the tool call passthrough feature, add the OPENAI_TOOLS value to the aigw.featureFlags key specified in the values.yaml.
aigw:
  featureFlags:
    - OPENAI_TOOLS
Limitations¶
Tool call passthrough is only available with the openai and custom executors. Other executors do not support this feature.
The tools request parameter and tool_calls response object are not processed or filtered by any processors; use caution when handling sensitive data.