The HTTP Profiles tab (under Security) is where you can setup profiles to filter HTTP protocol oriented attributes (methods, content-type, declarative security, XML/JSON payload parsing, and information leakage attributes). You can choose one HTTP profile per web application.
What are the HTTP profile settings?
The HTTP profile includes several components previously included in the Security Policy using WAF v1 (HTTP Protocols, Information Leakage, and Declarative Security).