Translations:Manual:$wgCookieHttpOnly/6/en

This can mitigate some classes of XSS attacks.