Which browsers do support HttpOnly cookies?

https://stackoverflow.com/questions/528405

22-08-2019
|

Question

Which browsers do support HttpOnly cookies, and since which version?

Please see http://www.codinghorror.com/blog/archives/001167.html for a discussion of HttpOnly cookies and XSS-prevention.

Solution

Feel free to add to this list:

Internet Explorer since 6 sp1 (source, source)
Firefox since 2.0.0.5 (source)
Opera since 9.5 (possibly earlier) (source)
Safari since 4 (source)
Chrome since 1.0.154 (source)

OTHER TIPS

Up to date results can be found here:

http://www.browserscope.org/?category=security

(linked from the OWASP article mentioned above)

OWASP have this documented. See http://www.owasp.org/index.php/HttpOnly

All major browsers support HttpOnly.

Microsoft IE 5.0+
Mozilla Firefox 1.0+
Google Chrome
Apple Safari
Opera 8.0+

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow