Specifies if the cookie should be used only for HTTP communication.
This attribute is defined in RFC 2965 and was previously used in Netscape cookie specification. From RFC 6265:
The HttpOnly attribute limits the scope of the cookie to HTTP requests. In particular, the attribute instructs the user agent to omit the cookie when providing access to cookies via "non-HTTP" APIs (such as a web browser API that exposes cookies to scripts).