

HttpOnly cookies are accessible to JavaScript - jorangreef
http://www.deadliestwebattacks.com/2010/05/cross-site-tracing-xst-misunderstood.html

======
jorangreef
See also: [http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST...](http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf)

