Section: 2.2.2
Top Level: General

Set the HttpOnly flag.

Java

In J2EE, set the header directly on the response:

response.setHeader("Set-Cookie", "cookiename=value1; HTTPOnly");
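
Added example (not part of the original page): a self-contained Java helper that checks whether a Set-Cookie value already carries HttpOnly, matching the attribute case-insensitively so the "HTTPOnly" spelling above counts, and appends it when missing. The class name, method names and sample cookie values are assumptions constructed for illustration.

```java
import java.util.Locale;

// Added example; HttpOnlyCheck, hasHttpOnly and ensureHttpOnly are hypothetical names.
public class HttpOnlyCheck {

    // True if the Set-Cookie value carries the HttpOnly attribute.
    // Attribute names are case-insensitive, so "HTTPOnly" and "httponly" both match.
    static boolean hasHttpOnly(String setCookieValue) {
        String[] parts = setCookieValue.split(";");
        // parts[0] is the name=value pair; attributes start at index 1,
        // so a cookie whose *value* is "httponly" is not mistaken for the flag.
        for (int i = 1; i < parts.length; i++) {
            if (parts[i].trim().toLowerCase(Locale.ROOT).equals("httponly")) {
                return true;
            }
        }
        return false;
    }

    // Returns the value unchanged if HttpOnly is present, otherwise appends it.
    static String ensureHttpOnly(String setCookieValue) {
        if (hasHttpOnly(setCookieValue)) {
            return setCookieValue;
        }
        String trimmed = setCookieValue.trim();
        if (trimmed.endsWith(";")) {
            // Drop a dangling separator before appending the attribute.
            trimmed = trimmed.substring(0, trimmed.length() - 1).trim();
        }
        return trimmed + "; HttpOnly";
    }

    public static void main(String[] args) {
        // Constructed sample Set-Cookie values, not taken from any real application.
        String[] samples = {
            "cookiename=value1; HTTPOnly",
            "session=abc123; Path=/; Secure",
            "pref=httponly; Path=/",
            "token=xyz;"
        };
        for (String s : samples) {
            System.out.println((hasHttpOnly(s) ? "ok      " : "missing ") + s);
            System.out.println("     -> " + ensureHttpOnly(s));
        }
    }
}
```

In a servlet, pass the result to response.addHeader("Set-Cookie", ...) when other cookies are already set, since setHeader replaces any earlier Set-Cookie header.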