How HttpOnly cookies help mitigate XSS attacks 🍪 TLDR: HttpOnly cookies do not prevent cross-site scripting (XSS) attacks, but they do lessen the impact and prevent the need to sign out users after the XSS is patched. HttpOnly cookies are not a substitute for XSS prevention measures. Our very first architecture decision at Clerk was…

Read More