Which browsers do support HttpOnly cookies?
26,351
Solution 1
Feel free to add to this list:
- Internet Explorer since 6 sp1 (source, source)
- Firefox since 2.0.0.5 (source)
- Opera since 9.5 (possibly earlier) (source)
- Safari since 4 (source)
- Chrome since 1.0.154 (source)
Solution 2
Up to date results can be found here:
http://www.browserscope.org/?category=security
(linked from the OWASP article mentioned above)
Solution 3
OWASP have this documented. See http://www.owasp.org/index.php/HttpOnly
Related videos on Youtube
Author by
knorv
Updated on October 12, 2020Comments
-
knorv over 3 years
Which browsers do support HttpOnly cookies, and since which version?
Please see http://www.codinghorror.com/blog/archives/001167.html for a discussion of HttpOnly cookies and XSS-prevention.
-
Michael Haren over 15 yearsI don't think that's true--can you provide references?
-
Joachim Sauer over 15 yearsI've seen reports that "IE6 SP1" and "Firefox 2.0.0.5" "now support HttpOnly cookies", which leads me to believe that at least IE5 and Firefox 1 dont support it.
-
knorv over 15 yearsThanks! Found this list which adds some info: owasp.org/index.php/HTTPOnly#Browsers_Supporting_HTTPOnly
-
Brian McCutchon almost 11 years@knorv : Link is case sensitive and/or has been modified: owasp.org/index.php/HttpOnly#Browsers_Supporting_HttpOnly
-
Pang almost 8 yearsLink for Chrome is dead (Page not found We're sorry, but we were unable to locate the page you requested.).
-
oldboy over 6 yearssomebody should update this list again or is it obsolete now with https??