Forum Discussion

Jacqueline's avatar
Icon for Nimbostratus rankNimbostratus
Jan 09, 2020

What causes the TSbd/TSbp script to be inserted into the source code of a website?

In the source code of the website I work on I see that the script below is being inserted.

<script type="text/javascript">
	window["_tsbp_"] = { ba : "X-TS-BP-Action", bh : "X-TS-AJAX-Request"};
  	</script><script type="text/javascript" src="/TSbd/08300f25d2ab20002940ca95b1a84050e4ba6d156f677a6f2819bde419b59b20e8b36a05eca4b390?type=2"></script>


As we have AMP pages on our website which doesn't allow any custom JavaScript we would like to not get this script inserted. However, we are having some problems indentifying what exactly is causing this script to be inserted. We do run the WAF on our F5 and I suspect it's the culprit but I have been unable to confirm this. Also, I've been moving around some elements in the <head> tags and when I specifically move our scripts down to the bottom the TSbd/TSbp script is no longer being inserted.


What I would like to know is what triggers the TSbd/TSbp script to be inserted. I am starting to think something on the F5 looks at the first X bytes of the page and then decides whether or not to insert the script. I would also like to know if there is more information about this topic available as I've not been able to find a lot. Maybe I am just not searching for the correct thing.

1 Reply

  • Hi,


    This is the machanism of ASM to validate cookie.


    The BIG-IP ASM system validates these cookies returning from the clients to ensure that the cookies are not modified. In BIG-IP ASM 11.4.0 and later, a random security key is generated uniquely to each deployment and combined with a configurable encryption algorithm to provide a security context for cookie protection.


    You can refer more detail over here