Which browsers do support HttpOnly cookies?

security browser cookies xss httponly

26,351

Solution 1

Feel free to add to this list:

Internet Explorer since 6 sp1 (source, source)
Firefox since 2.0.0.5 (source)
Opera since 9.5 (possibly earlier) (source)
Safari since 4 (source)
Chrome since 1.0.154 (source)

Solution 2

Up to date results can be found here:

http://www.browserscope.org/?category=security

(linked from the OWASP article mentioned above)

Solution 3

OWASP have this documented. See http://www.owasp.org/index.php/HttpOnly

26,351

Related videos on Youtube

Author by

knorv

Updated on October 12, 2020

Comments

knorv over 3 years

Which browsers do support HttpOnly cookies, and since which version?

Please see http://www.codinghorror.com/blog/archives/001167.html for a discussion of HttpOnly cookies and XSS-prevention.
Michael Haren over 15 years

I don't think that's true--can you provide references?
Joachim Sauer over 15 years

I've seen reports that "IE6 SP1" and "Firefox 2.0.0.5" "now support HttpOnly cookies", which leads me to believe that at least IE5 and Firefox 1 dont support it.
knorv over 15 years

Thanks! Found this list which adds some info: owasp.org/index.php/HTTPOnly#Browsers_Supporting_HTTPOnly
Brian McCutchon almost 11 years

@knorv : Link is case sensitive and/or has been modified: owasp.org/index.php/HttpOnly#Browsers_Supporting_HttpOnly
Pang almost 8 years

Link for Chrome is dead (Page not found We're sorry, but we were unable to locate the page you requested.).
oldboy over 6 years

somebody should update this list again or is it obsolete now with https??

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?

How to troubleshoot crashes detected by Google Play Store for Flutter app

Cupertino DateTime picker interfering with scroll behaviour

Why does awk -F work for most letters, but not for the letter "t"?

Flutter change focus color and icon color but not works

How to print and connect to printer using flutter desktop via usb?

Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0

Flutter Dart - get localized country name from country code

navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage

Android Sdk manager not found- Flutter doctor error

Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)

How to change the color of ElevatedButton when entering text in TextField

Related

Is it possible for a XSS attack to obtain HttpOnly cookies?

Add Secure and httpOnly Flags to Every Set-Cookie Response in Apache httpd

How exactly do you configure httpOnlyCookies in ASP.NET?

Detecting if a browser is using Private Browsing mode

Change Browser settings by script

C# WebBrowser control: Clearing cache without clearing cookies

How to STOP browsers from sharing session amongst tabs?

Cookie with HttpOnly flag for a angularJs application on Https protocol

Cookies not saved in the browser

Client Cross Frame Scripting Attack resolution