Title: httponly cookie
Last modified: December 29, 2022

---

# httponly cookie

 *  Resolved [mintasia2023](https://wordpress.org/support/users/mintasia2023/)
 * (@mintasia2023)
 * [3 years, 5 months ago](https://wordpress.org/support/topic/httponly-cookie-2/)
 * How can we add this HTTPonly Attribute to URL below?
   150121 Session Cookie (Authentication
   Related) Does Not Contain The“HTTPOnly” Attribute
 * Cookies without the “HTTPOnly” attribute are permitted to be accessed
   via JavaScript.
   Cross-site scripting attacks can steal to sessioncookies which could lead to 
   user impersonation or compromise of theapplication account.

Viewing 1 replies (of 1 total)

 *  Plugin Author [Bob](https://wordpress.org/support/users/prasunsen/)
 * (@prasunsen)
 * [3 years, 5 months ago](https://wordpress.org/support/topic/httponly-cookie-2/#post-16337721)
 * You can’t and you shouldn’t. Watu’s cookies must be accessible via JavaScript
   and should not be HTTPOnly. There is no sensitive information in them so please
   ignore so-called security reports or experts or whatever is advising you that
   the cookie should have this attribute.

Viewing 1 replies (of 1 total)

The topic ‘httponly cookie’ is closed to new replies.

 * ![](https://ps.w.org/watu/assets/icon-128x128.png?rev=1680960)
 * [Watu Quiz](https://wordpress.org/plugins/watu/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/watu/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/watu/)
 * [Active Topics](https://wordpress.org/support/plugin/watu/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/watu/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/watu/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [Bob](https://wordpress.org/support/users/prasunsen/)
 * Last activity: [3 years, 5 months ago](https://wordpress.org/support/topic/httponly-cookie-2/#post-16337721)
 * Status: resolved