Forum Discussion

Nimbostratus

Jan 19, 2007

Securing Cookies

I use a simple rule to add ";Secure" to the end of ever "Set-Cookie" header in a particular app server's response, and it works great for what it was originally intended to do. when HTTP_RESPONSE...

Nimbostratus

Jan 04, 2008

We ended up using a simple solution that seems to work for us:

when HTTP_RESPONSE {

set myValues [HTTP::cookie names]

foreach mycookies $myValues {

HTTP::cookie secure $mycookies enable

}

Not sure if that helps.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Securing Cookies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Illegal Metacharacter in Parameter Name in Json Data

Cisco TACACS+ Config on ISE LTM Pair

AS3 declaration to set cookie to preferred

SSL Bridging and FQDN rewrite Policy

Checking for X-Forwarded-For against an Address Data-Group

Related Content

Quarterly Security Notification October 2025

Increased Security With First Party Cookies

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

BIG-IP security hardening and compliance checks

What is Shape Security?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS