HttpOnly
code:HTTP Response Header
If the HttpOnly flag (optional) is included in the HTTP response header, the cookie cannot be accessed through client side script If a browser that supports HttpOnly detects a cookie containing the HttpOnly flag, and client side script code attempts to read the cookie, the browser returns an empty string as the result.