How to restrict cookies originating from some other subdomain not to reach at my subdomain endpoints

Question

I have my application app hosted as app.clientX.com for a client X. There is a limitation on request header size to 4k so that any request head