[9] 
[CITE@en-us[Mitigating Cross-site Scripting With HTTP-only Cookies]] ([CODE[2007-01-18 14:03:44 +09:00]] 版) <http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp>

[8] 
[CITE[httpOnly cookie flag support in PHP 5.2 - iBlog - Ilia Alshanetsky]] ([CODE[2007-01-18 14:04:40 +09:00]] 版) <http://ilia.ws/archives/121-httpOnly-cookie-flag-support-in-PHP-5.2.html>

[7] 
[CITE[Bug 178993 &#8211; MSIE-extension: HttpOnly cookie attribute for cross-site scripting vulnerability prevention]] ([CODE[2007-01-18 14:05:01 +09:00]] 版) <https://bugzilla.mozilla.org/show_bug.cgi?id=178993>

[6] 
[CITE[robubu &#187; Blog Archive &#187; HttpOnly please]] ([TIME[2007-01-18 14:02:56 +09:00]] 版) <http://robubu.com/?p=15>

[1] [CITE[ietf-httponly-wg | Google グループ]] ([TIME[2008-11-21 17:43:26 +09:00]] 版) <http://groups.google.com/group/ietf-httponly-wg?pli=1>

[2] [CITE[HTTPOnly Fix In MSXML ha.ckers.org web application security lab]] ([TIME[2008-11-21 17:47:39 +09:00]] 版) <http://ha.ckers.org/blog/20081111/httponly-fix-in-msxml/>

[3] [CITE[Bug 380418 – XMLHttpRequest allows reading HTTPOnly cookies]] ([TIME[2008-11-21 17:49:08 +09:00]] 版) <https://bugzilla.mozilla.org/show_bug.cgi?id=380418>

[4] [CITE@en[(X)HTML5 Tracking]] ([TIME[2008-12-02 19:46:38 +09:00]] 版) <http://html5.org/tools/web-apps-tracker?from=2516&to=2517>

[5] [CITE[Scope of HTTPOnly Cookies]] ([TIME[2008-12-15 19:00:11 +09:00]] 版) <http://docs.google.com/View?docid=dxxqgkd_0cvcqhsdw>