Imperva Cyber Community

 View Only
  • 1.  Secure Flag to Cookies

    Posted 20 days ago
    Is there a way to add Secure Flag to cookies which are generated by Imperva to track the session. 

    Due to PCI compliance, we have been informed to have the Secure Cookie enabled to all the cookies so that it is shared via encrypted channel. I know these cookies are not sent to webserver and used only for tracking purpose. Imperva uses some java program to track the user session. Would like to know if we can force Secure flag on all the cookies ?

    set-cookie visid_incap_2627094=6duBDa8OQcWjQ0PnLETDSLeLF2MAAAAAQUIPAAAAAABKxwdpRVtOAoy4b6fTGBYa; expires=Wed, 06 Sep 2023 06:16:53 GMT; HttpOnly; path=/;
    set-cookie nlbi_2627094=NpOfAbpyXzkkDwQPSA+RyQAAAADuWlMPDFcpC5dAl05DTc/z; path=/;
    set-cookie incap_ses_124_2627094=TlpIL7lfZjJjWqNdqYm4AbeLF2MAAAAAfszJXVRbrLydTQsfu4jJYg==; path=/;


    Shivakumar Chanda
    WAF Engineer
    Experian Information Solutions, Inc.
    Costa Mesa CA

  • 2.  RE: Secure Flag to Cookies

    Posted 20 days ago
    Hi Shivakumar,

    We get asked this pretty regularly in support. 

    We (Imperva support) can add the secure flag through a back-end config on the account or per site basis and this applies to Imperva cookies only.

    You would need to raise a support case for this one.


    Mark McGarrigan
    Technical User
    Tel Aviv CA

  • 3.  RE: Secure Flag to Cookies

    Posted 18 days ago
    Hello Shivakumar Chanda,

    Thank you for your post, These cookies are from our proxies and the flag will need to be added in Imperva. This would need implement on the Imperva side and there is no action required from your end.
    Please open a ticket with us (cloud-waf team)and share us the sites for which you want to add this.

    Syed Noor Fazal
    Product Support Engineer