Which browsers do support HttpOnly cookies?

About

Asked 9/2, 2009 at 14:45 Answered 9/2, 2009 at 14:45

Solved security browser cookies xss httponly

Which browsers do support HttpOnly cookies, and since which version?

Please see http://www.codinghorror.com/blog/archives/001167.html for a discussion of HttpOnly cookies and XSS-prevention.

Mohler answered 9/2, 2009 at 14:45 Comment(0)

Feel free to add to this list:

Internet Explorer since 6 sp1 (source, source)
Firefox since 2.0.0.5 (source)
Opera since 9.5 (possibly earlier) (source)
Safari since 4 (source)
Chrome since 1.0.154 (source)

Pazice answered 9/2, 2009 at 14:45 Comment(4)

Thanks! Found this list which adds some info: owasp.org/index.php/HTTPOnly#Browsers_Supporting_HTTPOnly – Mohler 9/2, 2009 at 22:11

@Mohler : Link is case sensitive and/or has been modified: owasp.org/index.php/HttpOnly#Browsers_Supporting_HttpOnly – Weisler 6/8, 2013 at 0:54

Link for Chrome is dead (Page not found We're sorry, but we were unable to locate the page you requested.). – Parker 27/6, 2016 at 6:57

somebody should update this list again or is it obsolete now with https?? – Undistinguished 22/8, 2017 at 21:11

-10

All major browsers support HttpOnly.

Microsoft IE 5.0+
Mozilla Firefox 1.0+
Google Chrome
Apple Safari
Opera 8.0+

Boehmer answered 9/2, 2009 at 14:45 Comment(2)

I don't think that's true--can you provide references? – Pazice 9/2, 2009 at 14:50

I've seen reports that "IE6 SP1" and "Firefox 2.0.0.5" "now support HttpOnly cookies", which leads me to believe that at least IE5 and Firefox 1 dont support it. – Siskind 9/2, 2009 at 14:52

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags