From f00fb2afe29baaebd85512a24421c18b8fac3e80 Mon Sep 17 00:00:00 2001
From: Alan Dooley <a.dooley@f5.com>
Date: Thu, 18 Dec 2025 15:51:34 +0000
Subject: [PATCH] fix: Update default cookie enforcement attribute value

Closes #1517
---
 content/waf/policies/cookie-enforcement.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/waf/policies/cookie-enforcement.md b/content/waf/policies/cookie-enforcement.md
index f6e5cbc37..8253b30e5 100644
--- a/content/waf/policies/cookie-enforcement.md
+++ b/content/waf/policies/cookie-enforcement.md
@@ -16,7 +16,7 @@ You can control the attributes within these cookies.
 | ------------------- | ------------- | ---------------- | --------------- |
 | `httpOnlyAttribute` | _true_        | _false_          | _true_ in all policies |
 | `secureAttribute`   | _never_       | _always_          | _always_ in the strict and API policies |
-| `sameSiteAttribute` | _lax_      | _none-value_, _strict_,  _none_ | _strict_ in the strict policy, _none_ removes the attribute entirely  |
+| `sameSiteAttribute` | _strict_      | _none-value_, _strict_,  _none_ | _strict_ in the strict policy, _none_ removes the attribute entirely  |
 
 In this example, HttpOnly is configured as `true`, Secure as `never`, and SameSite as `strict`.