Revision as of 15:29, 13 December 2015 view source Rcsprinter123 (talk \| contribs) Autopatrolled, Extended confirmed users, File movers, IP block exemptions, Rollbackers 82,640 edits m Reverted edits by 188.29.165.233 (talk) (HG) ← Previous edit		Revision as of 13:47, 16 December 2015 view source 194.90.89.129 (talk) →HttpOnly cookie Next edit →
Line 40: ===HttpOnly cookie=== HttpOnly cookies can only be used when transmitted via [[HTTP]] (or [[HTTP Secure\|HTTPS]]). They are not accessible through non-HTTP APIs such as [[JavaScript]]. This restriction eliminates the threat of cookie theft via cross-site scripting (XSS), while leaving the threats of [[Cross-site_tracing\|cross-site tracing (XCT)]] and [[Cross-site_request_forgery\|cross-site request forgery (CSRF)]] intact. ===Third-party cookie===

HTTP cookie: Difference between revisions