---
title: Enable HTTP Only Cookies
description: When true, cookies are flagged as HTTPOnly. Use this property to prevent scripts and third-party programs from accessing the cookies.
component: java-agents
version: 2025.11
page_id: java-agents:properties-reference:com.sun.identity.cookie.httponly
canonical_url: https://docs.pingidentity.com/java-agents/2025.11/properties-reference/com.sun.identity.cookie.httponly.html
---

# Enable HTTP Only Cookies

When `true`, cookies are flagged as `HTTPOnly`. Use this property to prevent scripts and third-party programs from accessing the cookies.

|                          |                                                                                                                                          |
| ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------- |
| Property name            | `com.sun.identity.cookie.httponly`                                                                                                       |
| Aliases                  | `com.sun.identity.cookie.httponly`   Introduced in Java Agent 5.0   [Recognized](preface.html#how_am_manages_multiple_aliases) from AM 7 |
| Function                 | Cookie                                                                                                                                   |
| Type                     | Boolean: `true` returns true; all other strings return `false`.                                                                          |
| Default                  | `true`                                                                                                                                   |
| Bootstrap property       | No                                                                                                                                       |
| Required property        | No                                                                                                                                       |
| Restart required         | No                                                                                                                                       |
| Local configuration file | `AgentConfig.properties`                                                                                                                 |
| AM console               | Tab: `SSO (from AM 7)`Title: `Enable HTTP Only Cookies`Legacy title: `Http Only`                                                         |