Skip to content Skip to sidebar Skip to footer

Is It Possible To Prevent Cookies To Be Sent In Every Http Request?

I recently found (here: Does every web request send the browser cookies?) that every HTTP request contains the cookies related to a domain every time a request is made to that same

Solution 1:

Browsers

Is not possible to prevent browser to send cookies.

This is why is generally it is recommended (Yahoo developer Best practice, see section Use Cookie-free Domains for Components) to serve static content like css, images, from a different domain that is cookie free.

When the browser makes a request for a static image and sends cookies together with the request, the server doesn't have any use for those cookies. So they only create network traffic for no good reason. You should make sure static components are requested with cookie-free requests. Create a subdomain and host all your static components there.


Programmatically

From any programming language, instead, you can choose if you like to send cookies or not.

Cookie management is done by the programmer, because libraries are written to make single requests.

So if you make a first request that return cookies, you need to explicit read them, hold them locally somewhere, and eventually put them in a second request to the same server if you need.

So from NodeJS if you don't explicitly add cookies in your requests the http call doesn't hold them.

Solution 2:

You Can Use Fetch with the credentials option set to omit see

https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API

Solution 3:

You can strip cookies with a proxy server. For example our product WinGate will allow you to modify requests (and responses), and you could use this to clear the Cookie header in requests.

However, this will prevent a large number of websites from functioning properly, as cookies are used to transport session IDs so that the server can identify each connection / request your browser makes as being from the same "session". HTTP itself does not have any concept of session.

Disclaimer: I work for Qbik who make WinGate.

Post a Comment for "Is It Possible To Prevent Cookies To Be Sent In Every Http Request?"