Imperva Cyber Community

Is there a way to add Secure Flag to cookies which are generated by Imperva to track the session. 

Due to PCI compliance, we have been informed to have the Secure Cookie enabled to all the cookies so that it is shared via encrypted channel. I know these cookies are not sent to webserver and used only for tracking purpose. Imperva uses some java program to track the user session. Would like to know if we can force Secure flag on all the cookies ?

set-cookie	visid_incap_2627094=6duBDa8OQcWjQ0PnLETDSLeLF2MAAAAAQUIPAAAAAABKxwdpRVtOAoy4b6fTGBYa; expires=Wed, 06 Sep 2023 06:16:53 GMT; HttpOnly; path=/; Domain=.accountverificationsolutions.com
set-cookie	nlbi_2627094=NpOfAbpyXzkkDwQPSA+RyQAAAADuWlMPDFcpC5dAl05DTc/z; path=/; Domain=.accountverificationsolutions.com
set-cookie	incap_ses_124_2627094=TlpIL7lfZjJjWqNdqYm4AbeLF2MAAAAAfszJXVRbrLydTQsfu4jJYg==; path=/; Domain=.accountverificationsolutions.com

#CloudWAF(formerlyIncapsula)

------------------------------
Shivakumar Chanda
WAF Engineer
Experian Information Solutions, Inc.
Costa Mesa CA
------------------------------

Hi Shivakumar,

We get asked this pretty regularly in support. 

We (Imperva support) can add the secure flag through a back-end config on the account or per site basis and this applies to Imperva cookies only.

You would need to raise a support case for this one.

Thanks,


------------------------------
Mark McGarrigan
Technical User
Tel Aviv CA
------------------------------

Original Message:
Sent: 09-06-2022 14:31
From: Shivakumar Chanda
Subject: Secure Flag to Cookies

Is there a way to add Secure Flag to cookies which are generated by Imperva to track the session. 

Due to PCI compliance, we have been informed to have the Secure Cookie enabled to all the cookies so that it is shared via encrypted channel. I know these cookies are not sent to webserver and used only for tracking purpose. Imperva uses some java program to track the user session. Would like to know if we can force Secure flag on all the cookies ?

set-cookie	visid_incap_2627094=6duBDa8OQcWjQ0PnLETDSLeLF2MAAAAAQUIPAAAAAABKxwdpRVtOAoy4b6fTGBYa; expires=Wed, 06 Sep 2023 06:16:53 GMT; HttpOnly; path=/; Domain=.accountverificationsolutions.com
set-cookie	nlbi_2627094=NpOfAbpyXzkkDwQPSA+RyQAAAADuWlMPDFcpC5dAl05DTc/z; path=/; Domain=.accountverificationsolutions.com
set-cookie	incap_ses_124_2627094=TlpIL7lfZjJjWqNdqYm4AbeLF2MAAAAAfszJXVRbrLydTQsfu4jJYg==; path=/; Domain=.accountverificationsolutions.com

#CloudWAF(formerlyIncapsula)

------------------------------
Shivakumar Chanda
WAF Engineer
Experian Information Solutions, Inc.
Costa Mesa CA
------------------------------

Hello Shivakumar Chanda,

Thank you for your post, These cookies are from our proxies and the flag will need to be added in Imperva. This would need implement on the Imperva side and there is no action required from your end.
Please open a ticket with us (cloud-waf team)and share us the sites for which you want to add this.

------------------------------
Syed Noor Fazal
Product Support Engineer
------------------------------

Original Message:
Sent: 09-06-2022 14:31
From: Shivakumar Chanda
Subject: Secure Flag to Cookies

Is there a way to add Secure Flag to cookies which are generated by Imperva to track the session. 

Due to PCI compliance, we have been informed to have the Secure Cookie enabled to all the cookies so that it is shared via encrypted channel. I know these cookies are not sent to webserver and used only for tracking purpose. Imperva uses some java program to track the user session. Would like to know if we can force Secure flag on all the cookies ?

set-cookie	visid_incap_2627094=6duBDa8OQcWjQ0PnLETDSLeLF2MAAAAAQUIPAAAAAABKxwdpRVtOAoy4b6fTGBYa; expires=Wed, 06 Sep 2023 06:16:53 GMT; HttpOnly; path=/; Domain=.accountverificationsolutions.com
set-cookie	nlbi_2627094=NpOfAbpyXzkkDwQPSA+RyQAAAADuWlMPDFcpC5dAl05DTc/z; path=/; Domain=.accountverificationsolutions.com
set-cookie	incap_ses_124_2627094=TlpIL7lfZjJjWqNdqYm4AbeLF2MAAAAAfszJXVRbrLydTQsfu4jJYg==; path=/; Domain=.accountverificationsolutions.com

#CloudWAF(formerlyIncapsula)

------------------------------
Shivakumar Chanda
WAF Engineer
Experian Information Solutions, Inc.
Costa Mesa CA
------------------------------