Does RBI protect the user against Session hijack?


One of our customers is considering upgrading their zero-trust policies and I thought of advising them to add the RBI extension to their teams accounts, however, I’m unsure if RBI is supposed to also protect the user from cookies being stolen.

Case scenario:
Agent 0 clicks a shady link and the URL contains an XSS cookie stealer, would the agent be compromised if the RBI extension is enabled?

Yes, the potentially malicious webpage code does not run on a user’s device.

This article written by Cloudflare, is really good to read for your customers.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.