I am working on have a web application where, the HTTP request for static content (images / JS / CSS etc) is going with cookies. Ideally the cookies doesn't hold any significance for the static request except overloading the request. So, I tried giving the below configuration in the Apache's HTTPD.Conf file:
Uncommenting (It was commented prior to my change),
LoadModule setenvif_module modules/mod_setenvif.so &
LoadModule headers_module modules/mod_headers.so
Added below 2 lines,
SetEnvIf Mime image/.* unset-cookie
Header unset Set-Cookie
Post this change, if I intercept the HTTP request using tamper data, I still see the png / jpeg request carrying the cookies with it.
Can somebody help me if I am missing anything else?