A web application firewall (WAF) receives an application request from a router, wherein the application request is directed to a web application, and wherein the web application firewall is associated with the web application. The WAF updates the application request to include a first header, wherein the first header includes a copy of a uniform resource locator of the application request, and updates the uniform resource locator to indicate an address of the web application firewall. The WAF analyzes the application request to determine whether the application request is secure, wherein the analysis is based on a rule, and in response to a determination that the application request is secure, updates the application request to include a second header, wherein the second header includes an encrypted signature.