Hi folks,

is it possible to set the HttpOnly option https://www.owasp.org/index.php/HttpOnly within the Session Cookie to implement a Cross Site Scripting mitigation?

Best regards,

hesi