The out-of-the-box feature of IBM Security Access Manager (ISAM) V9.0 that enables invalidating a defined collection of back-end server generated HTTP cookies when the user logs off WebSEAL is the 'logout-remove-cookie' attribute in the webseal.conf configuration file. This attribute specifies which cookies should be removed during logout, ensuring proper session termination.