Forum Discussion

Nimbostratus

Oct 16, 2009

remove CFID value from header

Hello, in a security audit we are trying to remove or remove the Set-Cookie CFID value from HTTP::response for a security audit here is the header HTTP/1.1·200·OK...

Cirrostratus

Oct 16, 2009

You can use HTTP::cookie remove CFID (Click here) to remove the cookies from the response in the HTTP_RESPONSE event:

 
 when HTTP_RESPONSE { 
  
     Remove any cookies named CFID 
    while {[HTTP::cookie exists "CFID"]}{ 
  
       HTTP::cookie remove "CFID" 
    } 
 }

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

remove CFID value from header

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

syslog over tcp and define management IP as source

Managing iRules configuration

Recommendation for Adv. Lab

Unable to Forward APM and AFM Logs to AWS CloudWatch Using Telemetry Streaming

How to configure ssh access by key on F5OS

Related Content

iRule to Remove Duplicate Header by Value

Remove X- Headers From Web Server Response

Remove the "Server" header

Remove alerts showing r-series LCD/Dashboard.

Removing x-frame-options header from response when using APM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS