Section: 2.1.9
Top Level:
Sub Level:
General: Set the HttpOnly flag on the session cookie. This prevents malicious scripts from accessing (stealing) the session cookie from the browser in IE and other browsers that support this feature.
Django: Django provides no built-in support for setting the HttpOnly flag.
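Since the guideline above says the flag is not set for you, one way to enforce it yourself is a WSGI wrapper that rewrites the response's Set-Cookie headers. This is an added example, not code from the guide or from Django; it assumes the session cookie is named "sessionid" (Django's default) and that the application is served through WSGI.

```python
"""WSGI middleware that forces the HttpOnly attribute onto the session cookie.

Added example. Assumptions: the session cookie is called "sessionid"
(Django's default name) and the app is a plain WSGI callable.
"""
from typing import Callable, List, Tuple

SESSION_COOKIE_NAME = "sessionid"  # assumption: Django's default cookie name


def add_httponly(headers: List[Tuple[str, str]],
                 cookie_name: str = SESSION_COOKIE_NAME) -> List[Tuple[str, str]]:
    """Return a copy of the headers where every Set-Cookie for `cookie_name`
    carries HttpOnly. Other cookies are untouched; the call is idempotent."""
    fixed = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            # attribute names are case-insensitive per RFC 6265
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if cookie == cookie_name and "httponly" not in attrs:
                value = value.rstrip("; ") + "; HttpOnly"
        fixed.append((name, value))
    return fixed


class HttpOnlySessionCookie:
    """Wrap a WSGI app and patch start_response so headers pass add_httponly."""

    def __init__(self, app: Callable, cookie_name: str = SESSION_COOKIE_NAME):
        self.app = app
        self.cookie_name = cookie_name

    def __call__(self, environ, start_response):
        def patched_start_response(status, headers, exc_info=None):
            return start_response(status, add_httponly(headers, self.cookie_name), exc_info)
        return self.app(environ, patched_start_response)


def _demo_app(environ, start_response):
    """Constructed sample app: sets a session cookie without HttpOnly."""
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Set-Cookie", "sessionid=abc123; Path=/; Secure"),
                              ("Set-Cookie", "theme=dark; Path=/")])
    return [b"hello"]


def run_demo() -> List[Tuple[str, str]]:
    """Run the wrapped demo app and return the headers a client would receive."""
    captured: List[Tuple[str, str]] = []

    def start_response(status, headers, exc_info=None):
        captured.extend(headers)
    b"".join(HttpOnlySessionCookie(_demo_app)({}, start_response))
    return captured
```

Verify the result by checking the Set-Cookie header in the browser's developer tools or with curl -i; the session cookie should now end in HttpOnly while unrelated cookies are unchanged.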