|
|
|
To help protect against cross-site scripting attacks, you can make the Web Agent set the HTTP-Only attribute for any cookies it creates using the following parameter:
Instructs the Web Agent to set the HTTP-only attribute on the cookies it creates. When a Web Agent returns a cookie with this attribute to a user's browser, the contents of the cookie cannot be read by a script, even a script from the web site which originally set the cookie. This helps prevent any sensitive information in the cookie from being sent to an unauthorized third party through a script.
Default: No
To safeguard the information in cookies, set the value of the UseHTTPOnlyCookies parameter to yes.
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |