JSON Protection Checks

Citrix Web App Firewall protects your JSON applications from content-level DoS, SQL, or XSS attacks. When an incoming JSON request has a DoS, SQL, or XSS attack, you must protection your application by configuring limits on various JSON structures such as arrays and strings.

Note: The JSON security checks apply only to content that is sent with an JSON content-type header. If the content-type header is missing, or is set to a different value, all JSON security checks are bypassed. If you plan to protect your JSON applications, the webmasters of each web server that hosts those applications should ensure that the proper JSON content-type header is sent.

JSON Protection Checks