Forum Discussion

Nimbostratus

Oct 16, 2009

remove CFID value from header

Hello, in a security audit we are trying to remove or remove the Set-Cookie CFID value from HTTP::response for a security audit here is the header HTTP/1.1·200·OK...

Cirrostratus

Oct 16, 2009

You can use HTTP::cookie remove CFID (Click here) to remove the cookies from the response in the HTTP_RESPONSE event:

 
 when HTTP_RESPONSE { 
  
     Remove any cookies named CFID 
    while {[HTTP::cookie exists "CFID"]}{ 
  
       HTTP::cookie remove "CFID" 
    } 
 }

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

remove CFID value from header

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

About F5 idle timeout and keep-alive

Problem with sending BotDefense logs to remote server

OSPF traps on BIG-IP v14

[APM] - How to clear the cached certificate for specific url

Fireeye AX integration with F5 via API.

Related Content

Remove X- Headers From Web Server Response

Remove the "Server" header

Removing x-frame-options header from response when using APM

HTTPS Routing based on Client Certificates values with F5 Distributed Cloud

ASM irule to disable attack signature authorization header with specific value

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS