Blog

News, insights and more

Learn more about Clerk, our approach to authentication, and company news.

How HttpOnly cookies help mitigate XSS attacks

HttpOnly cookies do not prevent cross-site scripting (XSS) attacks, but they do lessen the impact and prevent the need to sign out users after the XSS is patched. HttpOnly cookies are not a substitute for XSS prevention measures.

Published: May 6, 2021

How HttpOnly cookies help mitigate XSS attacks
Category
Engineering
Published
May 6, 2021
Authors