Specifies if the cookie should be used only for HTTP communication.
Declaration
Description
This attribute is defined in RFC 2965 and was previously used in the Netscape cookie specification. From RFC 6265:
The HttpOnly attribute limits the scope of the cookie to HTTP requests. In particular, the attribute instructs the user agent to omit the cookie when providing access to cookies via "non-HTTP" APIs (such as a web browser API that exposes cookies to scripts).
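The behaviour quoted above can be modelled in a few lines. This is an added example, not SecureBlackbox code: the function names `parseSetCookie` and `cookieViews` and the sample headers are constructed for illustration, and the model ignores Domain, Path, Secure and expiry scoping so that only the HttpOnly split is visible.

```javascript
// Added example: how a user agent splits cookies between HTTP requests and
// "non-HTTP" APIs (such as document.cookie) based on HttpOnly, per RFC 6265.

// Parse one Set-Cookie header value into { name, value, httpOnly }.
function parseSetCookie(header) {
  const parts = header.split(';');
  const nameValue = parts.shift();
  const eq = nameValue.indexOf('=');
  if (eq === -1) return null;              // no '=': the header is ignored
  const name = nameValue.slice(0, eq).trim();
  if (!name) return null;                  // empty name: the header is ignored
  const cookie = { name, value: nameValue.slice(eq + 1).trim(), httpOnly: false };
  for (const part of parts) {
    // Attribute names match case-insensitively. HttpOnly is a flag: any value
    // after '=' is discarded, so "httponly=false" still sets it.
    const attr = part.split('=')[0].trim().toLowerCase();
    if (attr === 'httponly') cookie.httpOnly = true;
  }
  return cookie;
}

// Build both views of the cookie store from a list of Set-Cookie values.
function cookieViews(setCookieHeaders) {
  const store = new Map();                 // a later cookie replaces the same name
  for (const header of setCookieHeaders) {
    const cookie = parseSetCookie(header);
    if (cookie) store.set(cookie.name, cookie);
  }
  const all = [...store.values()];
  const visible = all.filter((c) => !c.httpOnly);
  const fmt = (list) => list.map((c) => `${c.name}=${c.value}`).join('; ');
  return {
    httpRequest: fmt(all),                 // what goes into the Cookie: header
    scriptApi: fmt(visible),               // what a script-facing API returns
    exposedToScripts: visible.map((c) => c.name),
  };
}

// Constructed sample input.
const sampleHeaders = [
  'SID=constructed-session-id; Path=/; Secure; HttpOnly',
  'lang=en-US; Path=/',
  'csrf=constructed-token; Path=/; httponly=false',
];

console.log(cookieViews(sampleHeaders));
```

Any name listed in `exposedToScripts` that carries a session or authentication value is a candidate for setting this property.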