HTTP changes that occur when using AppFirewall
AppFirewall needs to modify packets in order to detect any sort of tampering. In addition to this, enabling certain protections requires AppFirewall to drop parts of the Server response (such as credit cards and other sensitive data) or alternatively transform them (such as keywords) so that special characters are rendered harmless. In this section, let's examine these changes:
One of the first changes you will notice if using features that require sessionization is that AppFirewall adds session cookies to the application's own cookies.
AppFirewall Session Cookie when using Advanced Profiles
When Advanced Protections are enabled, AppFirewall also removes caching headers so that instead of a conditional response, a full response is received. This is needed to allow AppFirewall to understand the context of the data being exchanged and drop the response if needed. This does however mean that you will see more requests to the backend servers when using...
