Simon Willison’s Weblog

6th September 2007 - Link Blog

HTTPOnly cookie support in Firefox. Five years after the bug was filed, HTTPOnly cookie support has gone in to the Mozilla 1.8 branch. This is a defence in depth feature that has been in IE for years—it lets you set cookies that aren’t available to JavaScript, and hence can’t be hijacked in the event of an XSS flaw.

Posted 6th September 2007 at 6:27 am

Recent articles

Meta's new model is Muse Spark, and meta.ai chat has some interesting tools - 8th April 2026
Anthropic's Project Glasswing - restricting Claude Mythos to security researchers - sounds necessary to me - 7th April 2026
The Axios supply chain attack used individually targeted social engineering - 3rd April 2026

This is a link post by Simon Willison, posted on 6th September 2007.

brad-fitzpatrick 11 firefox 90 httponly 3 internet-explorer 74 javascript 750 mozilla 114 security 597

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe