What does the 'HttpOnly' attribute flag instruct a web browser to do when handling a specific session cookie?
A. To force the web page content layout into a text-only presentation mode
B. To ensure the cookie only operates when accessing local intranet platforms
C. To delete the cookie instantly when the network switches to an alternative port path
D. To prevent client-side scripts (like JavaScript) from accessing the cookie, reducing the risk of data theft via Cross-Site Scripting (XSS)
Answer: Option D
Solution (By JKExamLibrary)
The 'HttpOnly' security flag prevents client-side scripts from reading cookie strings via properties like 'document.cookie', protecting session tokens from malicious script injection exploits.