Citrix ADC

Cookie Protection

A cookie is a small packet of data sent from a web server to a client browser and stored there. Cookies carry sensitive data such as passwords, user authentication details, and credentials over an HTTP connection, so it is highly important to protect them from attackers who try to steal that information.

Cookie consistency check: Examines the cookies returned with user requests to verify that they match the cookies your web server set for that user. If a modified cookie is found, it is stripped from the request before the request is forwarded to the web server. For more information, see the Cookie consistency check topic.

Cookie hijacking protection: Hijacking refers to a situation where an attacker gains unauthorized access to cookies. To protect cookies from unauthorized access, the Citrix ADC Web App Firewall (WAF) challenges the TLS connection from the client in addition to the WAF cookie consistency validation. For every new client request, the appliance validates the TLS connection and also verifies the consistency of the application and session cookies in the request. For more information, see the Cookie hijacking protection topic.

SameSite cookie attribute: The SameSite attribute in the Set-Cookie HTTP response header allows you to declare whether your cookie should be restricted to a first-party or same-site context. The setting mitigates cross-site attacks and provides secure web communication. For more information, see the SameSite cookie attribute topic.
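The following is an added illustration, not Citrix code, of two of the checks above: a simplified cookie consistency check that records the cookies a server set for a session and strips any cookie the client sends back with a changed value (this model also strips cookies the server never set, which is an assumption of the model), and an audit of the SameSite, Secure and HttpOnly attributes on a Set-Cookie header. All cookie names and values are constructed sample data.

```python
"""Simplified model of WAF cookie consistency and SameSite attribute checks.

Constructed example: a WAF between client and server records every
Set-Cookie the server issues for a session, then verifies that the
cookies the client returns are unchanged before forwarding the request.
"""
from http.cookies import SimpleCookie


def record_set_cookies(server_headers, session_store):
    """Record name -> value for every Set-Cookie header the server returned."""
    for header in server_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            session_store[name] = morsel.value
    return session_store


def consistency_check(session_store, cookie_header):
    """Return (forwarded_cookie_header, stripped_names).

    A cookie whose value differs from what the server set for this
    session, or which the server never set, is stripped (model assumption).
    """
    kept, stripped = [], []
    for part in cookie_header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        if session_store.get(name) == value:
            kept.append(f"{name}={value}")
        else:
            stripped.append(name)
    return "; ".join(kept), stripped


def samesite_audit(set_cookie_header):
    """Report the SameSite, Secure and HttpOnly attributes of one Set-Cookie."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    (name, morsel), = jar.items()  # exactly one cookie per Set-Cookie header
    return {
        "name": name,
        "samesite": morsel["samesite"] or None,  # "" when the attribute is absent
        "secure": bool(morsel["secure"]),
        "httponly": bool(morsel["httponly"]),
    }
```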
