A cookie may be set to be an HttpOnly cookie. Setting a cookie to be HttpOnly results in (Choose two)
A.
Client to not expose the cookie to client side scripting code
B.
Does not work with https protocol
C.
prevent certain types of cross-site scripting attacks
D.
There is no such thing as an HttpOnly cookie
Explanation:
http://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html
A,C