Which browsers do support HttpOnly cookies?

Question

Which browsers do support HttpOnly cookies, and since which version?

Please see http://www.codinghorror.com/blog/archives/001167.html for a discussion of HttpOnly cookies and XSS-prevention.

score 48 · Accepted Answer · edited Jul 13 '14 at 01:07

48

Feel free to add to this list:

edited Jul 13 '14 at 01:07

tomb

answered Feb 09 '09 at 14:49

Michael Haren

2

Thanks! Found this list which adds some info: http://www.owasp.org/index.php/HTTPOnly#Browsers_Supporting_HTTPOnly – knorv Feb 09 '09 at 22:11
1

@knorv : Link is case sensitive and/or has been modified: https://www.owasp.org/index.php/HttpOnly#Browsers_Supporting_HttpOnly – Brian McCutchon Aug 06 '13 at 00:54
1

Link for Chrome is dead (**Page not found** We're sorry, but we were unable to locate the page you requested.). – Pang Jun 27 '16 at 06:57
somebody should update this list again or is it obsolete now with https?? – oldboy Aug 22 '17 at 21:11

score 11 · Answer 2 · answered Dec 17 '10 at 03:41

11

Up to date results can be found here:

(linked from the OWASP article mentioned above)

answered Dec 17 '10 at 03:41

jim

score 3 · Answer 3 · answered Jul 29 '10 at 07:43

3

answered Jul 29 '10 at 07:43

Ian

score 0 · Answer 4 · answered Oct 11 '20 at 10:56

0

None of the links above offer a real compatibility table (OWASP page seems broken). Here is the link of :

answered Oct 11 '20 at 10:56

Shoham

score -10 · Answer 5 · answered Feb 09 '09 at 14:49

-10

All major browsers support HttpOnly.

answered Feb 09 '09 at 14:49

Nick Berardi

1

I don't think that's true--can you provide references? – Michael Haren Feb 09 '09 at 14:50
1

I've seen reports that "IE6 SP1" and "Firefox 2.0.0.5" "now support HttpOnly cookies", which leads me to believe that at least IE5 and Firefox 1 *dont* support it. – Joachim Sauer Feb 09 '09 at 14:52

5 Answers5