Used to authenticate legitimate sources in modern attack mitigation systems. If HTTP services are under
DOS attack; the protection action is triggered. The Attack Mitigation System will authenticate requests by sending a challenge JavaScript response to the suspect client. If the client executes the received challenge JavaScript, generates the cookie, and re-sends the original HTTP request with the JavaScript-generated cookie, it proves that it is a legitimate browser-based client.