$httpOnly public property
Whether the cookie should be accessible only through the HTTP protocol. By setting this property to true, the cookie will not be accessible by scripting languages, such as JavaScript, which can effectively help to reduce identity theft through XSS attacks.
public boolean $httpOnly = true