google-chromecookiesgoogle-chrome-devtoolshttponly
Chrome developer tools > resources > cookies > http column, does a checkmark here indicate HttpOnly cookie?
Does the checkmark at the Http column of Chrome devtool's Cookie resource panel indicate a HttpOnly cookie?
I can't find docs that confirm this, though I suspect it is the case. I am trying to verify my app is using HttpOnly for session cookies.
Solution
Yes. Enter document.cookie in the console, and you'll see that none of the checked cookies are visible.
HTTP = HttpOnly flag, Secure = secure flag.