Cross-site scripting vulnerabilities in web browsers allow malicious sites to grab cookies from a vulnerable site. The goal of such attacks might be to perform session fixation or to impersonate a valid user. You can configure Access Gateway to set its authentication cookie with the HttpOnly keyword to prevent scripts from accessing the cookie.
To enable this option, perform the following steps:
Click Devices > Access Gateways > Edit > Reverse Proxy / Authentication.
Select Force HTTP-Only Cookies, then click OK > OK.
Update Access Gateway.