This KB article describes, which information is included within a webfilter request, sent from a FortiGate unit to the FortiGuard service, in order to evaluate the website category.
The information sent includes the following:
As per OWASP guidelines, security sensitive information should never be included as a part of the URL, as URLs are often logged on intermediate proxies and firewalls. It is up to the application vendor or owner, to ensure that URLs do not leak any sensitive information.
Note that these FortiGuard requests are also obfuscated, and can not be easily read using a packet capture tool.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.