What are HTTPOnly cookies?

HTTPOnly cookies are website cookies marked with the HTTPOnly attribute, which prevents client-side scripts from capturing data stored on these cookies. This reduces the risk of cross-site scripting attacks (XSS) in which an attacker injects malicious scripts into a website and runs them in the background without users’ knowledge.