Revision as of 13:47, 16 December 2015 view source 194.90.89.129 (talk) →HttpOnly cookie ← Previous edit		Revision as of 13:50, 16 December 2015 view source Ferret (talk \| contribs) Autopatrolled, Extended confirmed users, Page movers, Pending changes reviewers, Rollbackers, Template editors 95,802 edits Cleaner Next edit →
Line 40: ===HttpOnly cookie=== HttpOnly cookies can only be used when transmitted via [[HTTP]] (or [[HTTP Secure\|HTTPS]]). They are not accessible through non-HTTP APIs such as [[JavaScript]]. This restriction eliminates the threat of cookie theft via cross-site scripting (XSS), while leaving the threats of [[~~Cross-site_tracing\|~~cross-site tracing]] (XCT)]] and [[~~Cross-site_request_forgery\|~~cross-site request forgery]] (CSRF)]] intact. ===Third-party cookie===

HTTP cookie: Difference between revisions