Forum Discussion

Nimbostratus

Jan 09, 2020

What causes the TSbd/TSbp script to be inserted into the source code of a website?

In the source code of the website I work on I see that the script below is being inserted. <script type="text/javascript"> //<![CDATA[ window["_tsbp_"] = { ba : "X-TS-BP-Action", bh : "X-TS-AJAX-...

Cirrostratus

Jan 13, 2020

Hi,

This is the machanism of ASM to validate cookie.

The BIG-IP ASM system validates these cookies returning from the clients to ensure that the cookies are not modified. In BIG-IP ASM 11.4.0 and later, a random security key is generated uniquely to each deployment and combined with a configurable encryption algorithm to provide a security context for cookie protection.

You can refer more detail over here https://support.f5.com/csp/article/K6850

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

What causes the TSbd/TSbp script to be inserted into the source code of a website?

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Failed to execute iptable cmd: ," CMD="iptables -A SSH_ALLOW_RULES error

Cannot ping external interface

HA Failover between two Datacenters

LTM issue Openning new web browser tab

F5 asm/awaf

Related Content

APM-Specific Features for Securing Your Website

Security Headers Insertion

Troubeshooting website connection

F5 Websites Accessibility Survey

Forwarded HTTP Extension Insertion (RFC 7239)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS