<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="description" content="Search IETF mail list archives"> <title>_HttpOnly cookie prefix?</title> <link rel="stylesheet" type="text/css" href="https://static.ietf.org/mailarchive/2.29.0/fontawesome/css/all.css"> <link rel="stylesheet" type="text/css" href="https://static.ietf.org/mailarchive/2.29.0/mlarchive/css/bootstrap_custom.css"> <link rel="stylesheet" type="text/css" href="https://static.ietf.org/mailarchive/2.29.0/mlarchive/css/styles.css"> </head> <body> <!-- Container --> <div id="container"> <header class="navbar navbar-expand-md navbar-dark fixed-top px-3 py-0"> <div class="container-fluid"> <a class="navbar-brand p-0" href="/"> <img alt="IETF Logo" src="https://static.ietf.org/mailarchive/2.29.0/mlarchive/images/ietflogo-small-transparent.png"> <span class="navbar-text d-none d-md-inline-block"> Mail Archive </span> </a> <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbar-main" aria-controls="navbar-main" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div id="navbar-main" class="navbar-header collapse navbar-collapse"> <ul class="navbar-nav ms-auto"> <li class="nav-item d-none d-lg-inline"> <a class="nav-link" href="https://www.ietf.org/search/">Search www.ietf.org</a> </li> <li class="nav-item d-none d-lg-inline"> <a class="nav-link" href="https://datatracker.ietf.org">Search Datatracker</a> </li> <li class="nav-item d-none d-lg-inline navbar-text pipe"></li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="#" id="navbar-help" role="button" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Help</a> <div class="dropdown-menu" aria-labelledby="navbar-help"> <a class="dropdown-item" href="/arch/help/">Search Syntax</a> <a class="dropdown-item" href="/docs/api-reference/">API Reference</a> </div> </li> <li class="nav-item dropdown me-2"> <a id="nav-settings-anchor" class="nav-link dropdown-toggle" href="#" id="navbar-settings" role="button" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Settings</a> <ul class="dropdown-menu" aria-labelledby="navbar-settings"> <li><a id="toggle-static" class="dropdown-item" href="#">Turn Static Mode On</a></li> </ul> </li> <li class="nav-item"> <a class="nav-link" href="/oidc/authenticate/" rel="nofollow">Sign in</a> </li> </ul> </div> <!-- navbar-header --> </div> <!-- container-fluid --> </header> <!-- <noscript> <p class="navbar-text"><small>Enable Javascript for full functionality.</small></p> </noscript> --> <!-- Django Messages --> <!-- Content --> <div id="content"> <div class="container-fluid"> <nav class="navbar navbar-expand-md navbar-light bg-light rounded shadow-sm navbar-msg-detail my-2"> <button type="button" class="navbar-toggler" data-bs-toggle="collapse" data-bs-target="#id-navbar-top" aria-expanded="false"> <span class="navbar-toggler-icon"></span> </button> <!-- Collect the nav links, forms, and other content for toggling --> <div class="collapse navbar-collapse navbar-detail px-5" id="id-navbar-top"> <ul class="navbar-nav"> <li class="nav-item" title="Previous by date"> <a class="nav-link previous-in-list" href="/arch/msg/httpbisa/6wfG4H8w7otsMYHGD48lRe05Lno/" aria-label="previous in list"> <span class="fa fa-chevron-left" aria-hidden="true"></span> </a> </li> <li class="nav-item" title="Date Index"> <a class="nav-link date-index" href="/arch/browse/httpbisa/?index=D0aIS1ZOfgROhcELGJZY7nIRgM8">Date</a> </li> <li class="nav-item" title="Next by date"> <a class="nav-link next-in-list" href="/arch/msg/httpbisa/xX5WcOPFcas-RUKwHSpf7N-LU5o/" aria-label="next in list"> <span class="fa fa-chevron-right" aria-hidden="true"></span> </a> </li> <li class="nav-item" title="Previous in thread"> <a class="nav-link previous-in-thread" href="/arch/msg/httpbisa/6wfG4H8w7otsMYHGD48lRe05Lno/" aria-label="previous in thread"> <span class="fa fa-chevron-left" aria-hidden="true"></span> </a> </li> <li class="nav-item" title="Thread Index"> <a class="nav-link thread-index" href="/arch/browse/httpbisa/?gbt=1&amp;index=D0aIS1ZOfgROhcELGJZY7nIRgM8">Thread</a> </li> <li class="nav-item" title="Next in thread"> <a class="nav-link next-in-thread" href="/arch/msg/httpbisa/xX5WcOPFcas-RUKwHSpf7N-LU5o/" aria-label="next in thread"> <span class="fa fa-chevron-right" aria-hidden="true"></span> </a> </li> </ul> <ul class="nav navbar-nav navbar-right"> </ul> </div><!-- /.navbar-collapse --> </nav> <div class="row"> <div class="msg-detail col-md-8 pt-3" data-static-date-index-url="/arch/browse/static/httpbisa/2025-02/#D0aIS1ZOfgROhcELGJZY7nIRgM8" data-static-thread-index-url="/arch/browse/static/httpbisa/thread/2025-02/#D0aIS1ZOfgROhcELGJZY7nIRgM8" data-date-index-url="/arch/browse/httpbisa/?index=D0aIS1ZOfgROhcELGJZY7nIRgM8" data-thread-index-url="/arch/browse/httpbisa/?gbt=1&amp;index=D0aIS1ZOfgROhcELGJZY7nIRgM8"> <div id="msg-body" data-message-url="https://mailarchive.ietf.org/arch/msg/httpbisa/D0aIS1ZOfgROhcELGJZY7nIRgM8/"> <div id="message-links"> <a href="mailto:ietf-http-wg@w3.org?subject=Re: _HttpOnly cookie prefix?" class="reply-link" title="Reply"><i class="fas fa-reply fa-lg"></i></a> <a href="/arch/msg/httpbisa/D0aIS1ZOfgROhcELGJZY7nIRgM8/download/" class="download-link" title="Message Download"><i class="fa fa-download fa-lg"></i></a> <a href="https://mailarchive.ietf.org/arch/msg/httpbisa/D0aIS1ZOfgROhcELGJZY7nIRgM8/" class="detail-link" title="Message Detail"><i class="fa fa-link fa-lg"></i></a> </div> <h3>_HttpOnly cookie prefix?</h3> <p id="msg-info" class="msg-header"> <span id="msg-from" class="pipe">Yoav Weiss &lt;yoav.weiss@shopify.com&gt;</span> <span id="msg-date" class="pipe">Wed, 19 February 2025 13:12 UTC</span> </p> <div id="msg-header" class="msg-header"> <p> Received: by ietfa.amsl.com (Postfix) id 352CDC1DA2C1; Wed, 19 Feb 2025 05:12:55 -0800 (PST)<br /> Delivered-To: ietfarch-httpbisa-archive-bis2juki@ietfa.amsl.com<br /> Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34741C1D5304 for &lt;ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com&gt;; Wed, 19 Feb 2025 05:12:55 -0800 (PST)<br /> X-Virus-Scanned: amavisd-new at amsl.com<br /> X-Spam-Flag: NO<br /> X-Spam-Score: -3.006<br /> X-Spam-Level: <br /> X-Spam-Status: No, score=-3.006 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no<br /> Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b=&quot;ozZVvSUY&quot;; dkim=pass (2048-bit key) header.d=w3.org header.b=&quot;Zuf0sPEp&quot;; dkim=pass (1024-bit key) header.d=shopify.com header.b=&quot;Rtcm/9JU&quot;<br /> Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hzxw9mizYUmk for &lt;ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com&gt;; Wed, 19 Feb 2025 05:12:51 -0800 (PST)<br /> Received: from mab.w3.org (mab.w3.org [IPv6:2600:1f18:7d7a:2700:d091:4b25:8566:8113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15A90C1840D4 for &lt;httpbisa-archive-bis2Juki@ietf.org&gt;; Wed, 19 Feb 2025 05:12:31 -0800 (PST)<br /> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:Cc:To:Message-ID:Date:From:MIME-Version:Reply-To :In-Reply-To:References; bh=RTI8FX7nQEnLRgt1a+vksL2sU26WLXjGlu/633DDgtw=; b=o zZVvSUYLPisyH6sd3kp6YmmMVnZrRUbjtMSywILUnfSqn2hPiyInzaIF0CUnQUSJLIGpeZFMbNSjy 8SDF16yQUAEY5l8sE4+kw4Kla/kCum/Gng0I6fBFVZJtAcEUBNnegnHx1Aoy6sGeBmCwJfcqTl5V/ uA/BtBWZcIyOJumLB1OGQ4f4m8E+cpxOx97lgP68APe3OvkpWH5d5knMBX4iDZoRKBr47rb9/u2jv 6EvA06A+qXKh6FJSP/pNTggEZ17xDqYs0YZeBgWjf/H/QdD+u91ntaB0dBJdb6DQiBdZNktAqyf+S FFL+paEqZkEzkonjwpG3ZpxkkmhbsU5Cg==;<br /> Received: from lists by mab.w3.org with local (Exim 4.96) (envelope-from &lt;ietf-http-wg-request@listhub.w3.org&gt;) id 1tkjrO-00HXP3-1y for ietf-http-wg-dist@listhub.w3.org; Wed, 19 Feb 2025 13:11:30 +0000<br /> Resent-Date: Wed, 19 Feb 2025 13:11:30 +0000<br /> Resent-Message-Id: &lt;E1tkjrO-00HXP3-1y@mab.w3.org&gt;<br /> Received: from ip-10-0-0-144.ec2.internal ([10.0.0.144] helo=pan.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from &lt;yoav.weiss@shopify.com&gt;) id 1tkjrM-00HXOB-1X for ietf-http-wg@listhub.w3.internal; Wed, 19 Feb 2025 13:11:28 +0000<br /> DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Content-Type:Cc:To:Subject:Message-ID:Date:From:MIME-Version:Reply-To :In-Reply-To:References; bh=RTI8FX7nQEnLRgt1a+vksL2sU26WLXjGlu/633DDgtw=; t=1739970688; x=1740834688; b=Zuf0sPEp7Jo8vpQv7HJOsY6mne5JmGpr9QXfKjs7xE+2kKH kq2ROQIlxPkKvjzjAPtQ2NFF5ZTLxRAzkJVjdosQVGJ9qqevfAloYxIu+j0QdtIqsMHT0J7R/1G52 WOKhJGVoxvdXNKsRX1QEUge31L1G3T0KWBuo4yVSWUrS9i7/96IXG+Tu8O6I46lzaGVt31bhgLWS2 km7vL/I0rJL7iEOXrxDBiFH8fBekE/xjnmAZIuuqyYahxy/IHhqnZZHsrxK72/Yhi3OQFAzQA95JX mMWHC7YTmFXHnYGWRwcE6mB5qhxrluhF6Z8l6Cro/y/4CDn21elMxZhf1dwozFxg==;<br /> Received-SPF: pass (pan.w3.org: domain of shopify.com designates 2607:f8b0:4864:20::d2a as permitted sender) client-ip=2607:f8b0:4864:20::d2a; envelope-from=yoav.weiss@shopify.com; helo=mail-io1-xd2a.google.com;<br /> Received: from mail-io1-xd2a.google.com ([2607:f8b0:4864:20::d2a]) by pan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from &lt;yoav.weiss@shopify.com&gt;) id 1tkjrL-00Gmzs-2f for ietf-http-wg@w3.org; Wed, 19 Feb 2025 13:11:28 +0000<br /> Received: by mail-io1-xd2a.google.com with SMTP id ca18e2360f4ac-855bb6041a6so12154539f.0 for &lt;ietf-http-wg@w3.org&gt;; Wed, 19 Feb 2025 05:11:27 -0800 (PST)<br /> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shopify.com; s=google; t=1739970684; x=1740575484; darn=w3.org; h=cc:to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=RTI8FX7nQEnLRgt1a+vksL2sU26WLXjGlu/633DDgtw=; b=Rtcm/9JUojb7VQJEKt0RRrOj8S9S3IPImjeTWxryZ5F8lIhNv/VCUgXOuduKNB64PI XCYSrKoFeBmAY+HraqB2qxcOH19qLKVgwkxJ9mis7tIn2URLCzUn2BTrk5I4VwNrf7yS uC6u3nyF+a11mB8m4FwG99qyZgodegdGbHsH8=<br /> X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739970684; x=1740575484; h=cc:to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=RTI8FX7nQEnLRgt1a+vksL2sU26WLXjGlu/633DDgtw=; b=cVn3LgAdeyUP+377gVyn/HyC+o7iOYBivYqUHYlCaGbXhvdD746/O81RRDe/Mn1tHl CjXmkwCaRLuhvXv2z6Z9s1pYADsMyIUeaVPUxPqZmkxR/F4dXdF/UTw4IS3rz2WOqi5j 1Ki23iJ+5rgMc+74brVSaLQqHG8k94x3dcWeUVdKpqe9nzHX6d/O6zyotnllrkrjhXpU T09jNY4krxSScojaomDNVFESpZkBQ2n70hU3B3jNOfaE/NzXiGPGqnZ0LReENv0al5z8 4zuDCIYEQwcaChfde0KiunzB00RZbfoZBkVXrFMED8D3pKAxveqpktkBAuaxQ7pv/T3g xf6w==<br /> X-Gm-Message-State: AOJu0Ywz6L7yjQy0NTSBOM8IAbe/Qzjuxd0S26lhLSoRLkYJXSp8yI/q O9GGM3aURXgdfIyVmQhitaqDZ6ZBLEzaEPUsL/xUW1YEUIQW/RaIzOMXozT+SOYqrrOsHP63A9d n1DEyGz+2DSNfg4oTsnExXmA9EIGEXgF254uXottLGcD72vFS<br /> X-Gm-Gg: ASbGnctpBtbkvlnezK5k+RgrrQKIlsUHQSd26TPwBg+RZGH59tHnQTjJGjoiDqBNjgr YKURWFdmBJ8/wPF5Jy/DGuLBEHq0nNun7ZHDNdKMgBP/4sAyzHTontgDLqdiFNpWGNUKNZFRgxf 2XvpdyF8bE8XqgAJdHnFka9EUgnIS1<br /> X-Google-Smtp-Source: AGHT+IF873y1YXwywGhJZoRDziQECGXZtsEyJEOeZkgY4PVquHfgXTY2F3yrhmhk4SzU8nB6YSxSMchnQMSzxLoFhYc=<br /> X-Received: by 2002:a05:6e02:174a:b0:3a7:87f2:b010 with SMTP id e9e14a558f8ab-3d2b526eda6mr37462805ab.5.1739970683105; Wed, 19 Feb 2025 05:11:23 -0800 (PST)<br /> MIME-Version: 1.0<br /> From: Yoav Weiss &lt;yoav.weiss@shopify.com&gt;<br /> Date: Wed, 19 Feb 2025 14:11:11 +0100<br /> X-Gm-Features: AWEUYZn2a0z5ugRPf8mgig78IKw51Ci8_Q7uwC1w6F1p066kS3-E7_1eyr3905Q<br /> Message-ID: &lt;CALYmMadk67jcc9y5aP26QFFy5oo7e+qNspL8qv-jF62AhN8UBg@mail.gmail.com&gt;<br /> To: HTTP Working Group &lt;ietf-http-wg@w3.org&gt;<br /> Cc: Anne van Kesteren &lt;annevk@annevk.nl&gt;, Johann Hofmann &lt;johannhof@google.com&gt;, Matt Metzger &lt;matthew.metzger@shopify.com&gt;<br /> Content-Type: multipart/alternative; boundary=&quot;0000000000007caa40062e7e7e7b&quot;<br /> X-W3C-Hub-DKIM-Status: validation passed: (address=yoav.weiss@shopify.com domain=shopify.com), signature is good<br /> X-W3C-Hub-Spam-Status: No, score=-9.3<br /> X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.191, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1<br /> X-W3C-Scan-Sig: pan.w3.org 1tkjrL-00Gmzs-2f e06a1cace648c457d37a088e381edc8d<br /> X-Original-To: ietf-http-wg@w3.org<br /> Subject: _HttpOnly cookie prefix?<br /> Archived-At: &lt;https://www.w3.org/mid/CALYmMadk67jcc9y5aP26QFFy5oo7e+qNspL8qv-jF62AhN8UBg@mail.gmail.com&gt;<br /> Resent-From: ietf-http-wg@w3.org<br /> X-Mailing-List: &lt;ietf-http-wg@w3.org&gt; archive/latest/52831<br /> X-Loop: ietf-http-wg@w3.org<br /> Resent-Sender: ietf-http-wg-request@w3.org<br /> Precedence: list<br /> List-Id: &lt;ietf-http-wg.w3.org&gt;<br /> List-Help: &lt;https://www.w3.org/email/&gt;<br /> List-Post: &lt;mailto:ietf-http-wg@w3.org&gt;<br /> List-Unsubscribe: &lt;mailto:ietf-http-wg-request@w3.org?subject=unsubscribe&gt;<br /> </p> </div> <div class="msg-payload"> <pre class="wordwrap">Hey folks! There are cases where it&#x27;s important to distinguish on the server side between cookies that were set by the server and ones that were set by the client. One such case are cookies that are normally *always* set by the server, unless some unexpected code (an XSS exploit, a malicious extension, a commit from a confused developer, etc) happens to set them on the client. It seems important to add some (opt-in) signal that would enable the server to make such a distinction. Looking at the current prefixes &lt;https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#section-4.1.3&gt;, it might be fitting to add an &quot;__HttpOnly&quot; prefix that would have the following semantics: * The cookie is rejected if it&#x27;s set as a client-side cookie, rather than through a `Set-Cookie` header * The cookie is rejected if it&#x27;s set without an &quot;HttpOnly&quot; attribute &lt;https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#name-the-httponly-attribute-2&gt; Does this make rough sense? If so, I&#x27;ll draft up something more formal. Cheers :) Yoav </pre> </div> <div> </div> </div> <!-- msg-body --> <div id="message-thread"> <ul class="thread-snippet"> <li class="depth-0 current-msg"><a href="/arch/msg/httpbisa/D0aIS1ZOfgROhcELGJZY7nIRgM8/">_HttpOnly cookie prefix?</a>&nbsp;&nbsp;Yoav Weiss</li> <li class="depth-1"><a href="/arch/msg/httpbisa/xX5WcOPFcas-RUKwHSpf7N-LU5o/">Re: _HttpOnly cookie prefix?</a>&nbsp;&nbsp;Anne van Kesteren</li> <li class="depth-2"><a href="/arch/msg/httpbisa/ldNxStQYe89YC4lXk8P47RHzWEM/">Re: _HttpOnly cookie prefix?</a>&nbsp;&nbsp;Rory Hewitt</li> <li class="depth-3"><a href="/arch/msg/httpbisa/d7A-XrfolXG3HBdA9rTUeZzSe5M/">Re: _HttpOnly cookie prefix?</a>&nbsp;&nbsp;Daniel Veditz</li> <li class="depth-2"><a href="/arch/msg/httpbisa/8oR053SZZeciHgtDhagkSwHhKyg/">Re: _HttpOnly cookie prefix?</a>&nbsp;&nbsp;Daniel Veditz</li> <li class="depth-4"><a href="/arch/msg/httpbisa/L4NowRhK0teihe7HqtBixdlFxCA/">Re: _HttpOnly cookie prefix?</a>&nbsp;&nbsp;Rory Hewitt</li> <li class="depth-5"><a href="/arch/msg/httpbisa/VDuzwKjittxEAbz9pMErKHus7m8/">Re: _HttpOnly cookie prefix?</a>&nbsp;&nbsp;Johann Hofmann</li> <li class="depth-5"><a href="/arch/msg/httpbisa/cJoVypugczpT2Qx-rujmqNPr6ck/">Re: _HttpOnly cookie prefix?</a>&nbsp;&nbsp;Daniel Veditz</li> <li class="depth-6"><a href="/arch/msg/httpbisa/mnQn4l7N8ylM5XUXlqsl1Z44-pk/">Re: _HttpOnly cookie prefix?</a>&nbsp;&nbsp;Daniel Veditz</li> <li class="depth-6"><a href="/arch/msg/httpbisa/u324RZuS4LYqRemucwMkfexHvl0/">Re: _HttpOnly cookie prefix?</a>&nbsp;&nbsp;Rory Hewitt</li> <li class="depth-4"><a href="/arch/msg/httpbisa/nWeh0lh3TFVdeiW3J-3QAf0ZyOE/">Re: _HttpOnly cookie prefix?</a>&nbsp;&nbsp;Yoav Weiss</li> <li class="depth-2"><a href="/arch/msg/httpbisa/LuzxwMj6ld1j9vjsWm20vpvJg-U/">Re: _HttpOnly cookie prefix?</a>&nbsp;&nbsp;Yoav Weiss</li> <li class="depth-3"><a href="/arch/msg/httpbisa/JvR1KXjBCl6sw61J8hjfk7rbEtc/">Re: _HttpOnly cookie prefix?</a>&nbsp;&nbsp;Yoav Weiss</li> </ul> </div> <!-- message-thread --> <div class="d-flex justify-content-center"> <ul id="navigation" class="list-inline"> <li class="list-inline-item"> <a id="toggle-nav" class="toggle js-off" href="#">Hide Navigation Bar</a> </li> </ul> </div> </div> <!-- msg-detail --> <div class="msg-aside col-md-4"></div> </div> <!-- row --> <div class="btn-toolbar msg-detail-toolbar" role="toolbar" aria-label="..."> <div class="btn-group" role="group" aria-label="..."> <a class="btn btn-default" href="/arch/msg/httpbisa/6wfG4H8w7otsMYHGD48lRe05Lno/"> <i class="fa fa-chevron-left" aria-hidden="true"></i> </a> <a class="btn btn-default" href="">Date</a> <a class="btn btn-default" href="/arch/msg/httpbisa/xX5WcOPFcas-RUKwHSpf7N-LU5o/"> <i class="fa fa-chevron-right" aria-hidden="true"></i> </a> </div> <div class="btn-group" role="group" aria-label="..."> <a class="btn btn-default" href="/arch/msg/httpbisa/6wfG4H8w7otsMYHGD48lRe05Lno/"> <i class="fa fa-chevron-left" aria-hidden="true"></i> </a> <a class="btn btn-default" href="">Thread</a> <a class="btn btn-default" href="/arch/msg/httpbisa/xX5WcOPFcas-RUKwHSpf7N-LU5o/"> <i class="fa fa-chevron-right" aria-hidden="true"></i> </a> </div> </div> <nav class="navbar navbar-expand-md navbar-light bg-light rounded shadow-sm navbar-msg-detail my-2"> <button type="button" class="navbar-toggler" data-bs-toggle="collapse" data-bs-target="#id-navbar-bottom" aria-expanded="false"> <span class="navbar-toggler-icon"></span> </button> <!-- Collect the nav links, forms, and other content for toggling --> <div class="collapse navbar-collapse navbar-detail px-5" id="id-navbar-bottom"> <ul class="navbar-nav"> <li class="nav-item" title="Previous by date"> <a class="nav-link previous-in-list" href="/arch/msg/httpbisa/6wfG4H8w7otsMYHGD48lRe05Lno/" aria-label="previous in list"> <span class="fa fa-chevron-left" aria-hidden="true"></span> </a> </li> <li class="nav-item" title="Date Index"> <a class="nav-link date-index" href="/arch/browse/httpbisa/?index=D0aIS1ZOfgROhcELGJZY7nIRgM8">Date</a> </li> <li class="nav-item" title="Next by date"> <a class="nav-link next-in-list" href="/arch/msg/httpbisa/xX5WcOPFcas-RUKwHSpf7N-LU5o/" aria-label="next in list"> <span class="fa fa-chevron-right" aria-hidden="true"></span> </a> </li> <li class="nav-item" title="Previous in thread"> <a class="nav-link previous-in-thread" href="/arch/msg/httpbisa/6wfG4H8w7otsMYHGD48lRe05Lno/" aria-label="previous in thread"> <span class="fa fa-chevron-left" aria-hidden="true"></span> </a> </li> <li class="nav-item" title="Thread Index"> <a class="nav-link thread-index" href="/arch/browse/httpbisa/?gbt=1&amp;index=D0aIS1ZOfgROhcELGJZY7nIRgM8">Thread</a> </li> <li class="nav-item" title="Next in thread"> <a class="nav-link next-in-thread" href="/arch/msg/httpbisa/xX5WcOPFcas-RUKwHSpf7N-LU5o/" aria-label="next in thread"> <span class="fa fa-chevron-right" aria-hidden="true"></span> </a> </li> </ul> <ul class="nav navbar-nav navbar-right"> </ul> </div><!-- /.navbar-collapse --> </nav> </div> </div> <!-- END Content --> <div class="footer scrolling"> <p class="small text-center">v2.29.0 | <a href="https://github.com/ietf-tools/mailarch/issues">Report a Bug</a> | <a href="mailto:tools-help@ietf.org">By Email</a> | <a href="https://status.ietf.org">System Status</a></p> </div> </div> <!-- END Container --> <script src="https://static.ietf.org/mailarchive/2.29.0/jquery/js/jquery-3.6.0.min.js" crossorigin="anonymous"></script> <script src="https://static.ietf.org/mailarchive/2.29.0/bootstrap-5.1.1-dist/js/bootstrap.bundle.min.js" crossorigin="anonymous"></script> <script type="text/javascript" src="https://static.ietf.org/mailarchive/2.29.0/jquery.cookie/jquery.cookie.js"></script> <script type="text/javascript" src="https://static.ietf.org/mailarchive/2.29.0/mlarchive/js/base.js"></script> <script type="text/javascript" src="https://static.ietf.org/mailarchive/2.29.0/jquery.cookie/jquery.cookie.js"></script> <script type="text/javascript" src="https://static.ietf.org/mailarchive/2.29.0/mlarchive/js/detail.js"></script> <!-- debug_toolbar_here --> <script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'915850c02e623ff3',t:'MTc0MDE1NzQ2NS4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();</script></body> </html>