Airlock Anomaly Shield cookies

Cookie name	Description	Example values (values are urldecoded)
`AL_ENV_ML_ANOMALY`	The cookie carries the same session identifier that is used in the corresponding log message, ensuring traceability. normal – no anomaly found anomalous – incoming traffic matched a configured anomaly detection trigger exception – a traffic matcher has intervened and no action is executed redeemed – the session was initially classified as anomalous but has been reclassified as normal	`AL_ENV_ML_ANOMALY:normal`
`AL_ENV_ML_DATA`	The payload is in JSON format and %‑encoded. Pretty printed example: Example { "val": { "grm": 0.1, "ifo": 0.2, "scm": 0.3, "tcs": 0.4, "qpm": 0.5, "cba": 0.6 }, "thr": { "grm": 0.11, "ifo": 0.22, "scm": 0.33, "tcs": 0.44, "qpm": 0.55, "cba": 0.66 } } There are two different JSON top-keys: `“val”` (= values) and `“thr”` (= thresholds). For every top-key, the full set of machine learning models with their current raw values is included: `“grm”` – graph metrics cluster `“ifo”` – isolation forest `“scm”` – status code meta `“tcs”` – timing cluster `“qpm”` – query parameters `“cba”` – client behavior	`AL_ENV_ML_DATA: %7B%22val%22%3A%7B%22grm%22%3A0.996%2C%22ifo%22%3A0.991%2C%22scm%22%3A0%2C%22tcs%22%3A0.976%2C%22qpm%22%3A0%2C%22cba%22%3A0%7D%2C%22thr%22%3A%7B%22grm%22%3A0.99%2C%22ifo%22%3A0.99%2C%22scm%22%3A0.99%2C%22tcs%22%3A0.99%2C%22qpm%22%3A0.85%2C%22cba%22%3A0.85%7D%7D`