On reentering the cached content etag is not validating
And Gateway is enabled to detect the malicious request as not being legitimate.
An HTTP cookie (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing.
Vint Cerf and John Klensin represented MCI in technical discussions with Netscape Communications.
MCI did not want its servers to have to retain partial transaction states, which led them to ask Netscape to find a way to store that state in each user's computer instead.
Other kinds of cookies perform essential functions in the modern web.
As stated above, a CSRF attack depends on the ability for malicious site to automatically construct a malicious request, that next the user is somehow lured into sending to the trusting site, and that is well-crafted to mislead the trusting site that the request is with the approval of the authenticated user.
Not from Java Script code that originates from another, external domain.
Therefore the malicious code cannot reasonable construct a complete transaction request that includes the proper value of CSRF Token in both request header and client cookie.
Without it, each request send from browser would first need to go through the authentication protocol with the remote webapplication, involving browser redirects, identity stores.
And in case of username/password browser logon, the user would have to reenter his/her credentials over and over again.