Knowledge base glossary

What are HttpOnly Cookies? A short definition.

1 minute reading time

HttpOnly cookies are a type of cookie that can only be accessed by the server and are not accessible to client-side scripts, such as JavaScript.

The feature helps to enhance the security of a website by preventing certain types of attacks, such as cross-site scripting (XSS).

By setting the HttpOnly flag on a cookie, the cookie cannot be accessed by malicious scripts that run in the browser.

This can help to protect sensitive information, such as session cookies, from being stolen by attackers. HttpOnly cookies are supported by all major web browsers and can be set by a server in the HTTP response header.

You can see what kind of cookies a website places by going to the developer tools in your browser. Check it out!

Profielfoto Freek Kampen

By Freek Kampen

Data & Analytics specialist and co-owner of New North Digital. With a background in online advertising, I solve tracking and data issues for entrepreneurs and agencies.

Looking for more answers?

Check out our knowledge base for more terms like HttpOnly Cookies. Level up your knowledge with our articles on core concepts in web analytics.

Continue learning
Compare list
Get help

Send us a message