Which browsers do support HttpOnly cookies?

Question

Which browsers do support HttpOnly cookies, and since which version?

Please see http://www.codinghorror.com/blog/archives/001167.html for a discussion of HttpOnly cookies and XSS-prevention.

Answer 1

Feel free to add to this list:

• Internet Explorer since 6 sp1 (source, source)
• Firefox since 2.0.0.5 (source)
• Opera since 9.5 (possibly earlier) (source)
• Safari since 4 (source)
• Chrome since 1.0.154 (source)

Answer 2

Up to date results can be found here:

http://www.browserscope.org/?category=security

(linked from the OWASP article mentioned above)

Answer 3

OWASP have this documented. See http://www.owasp.org/index.php/HttpOnly

Answer 4

All major browsers support HttpOnly.

• Microsoft IE 5.0+
• Mozilla Firefox 1.0+
• Google Chrome
• Apple Safari
• Opera 8.0+