How to prevent Cross-Site Scripting
Some libraries, for example ReactJS, provide proactive protection by automatically escaping all output data.
HttpOnly flag for cookies
When the server sends an HTTP response, it can set the HttpOnly flag in the Set-Cookie header.
HTTP/1.1 200 OK
Set-Cookie: PHPSESSID=5f4dcc3b5aa765d61d8327deb882cf99; path=/; HttpOnly
Content-Length: 283
document.cookie. All Cookies associated with user authorization must be set this
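
One way to check a response for this flag, as an added example that is not part of the original page: the script parses the Set-Cookie headers of a raw HTTP response and lists session-like cookies sent without HttpOnly. The name hints in SESSION_NAME_HINTS and the sample response (apart from the PHPSESSID line shown above) are assumptions constructed for the example.

```python
# Added example: audit Set-Cookie headers in a raw HTTP response for HttpOnly.
# SESSION_NAME_HINTS is an assumption for this example, not a standard list.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, attributes with lowercase keys)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), attrs


def audit_response(raw):
    """Return a list of (cookie_name, looks_like_session, has_httponly)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]  # header block only
    findings = []
    for line in head.split("\n")[1:]:  # skip the status line
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        looks_like_session = any(h in name.lower() for h in SESSION_NAME_HINTS)
        findings.append((name, looks_like_session, "httponly" in attrs))
    return findings


def missing_httponly(raw):
    """Names of session-like cookies sent without the HttpOnly attribute."""
    return [n for n, sess, flag in audit_response(raw) if sess and not flag]


# Constructed sample: the response from the text plus two constructed cookies.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: PHPSESSID=5f4dcc3b5aa765d61d8327deb882cf99; path=/; HttpOnly\r\n"
    "Set-Cookie: auth_token=constructed-value; Path=/; Secure\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "Content-Length: 283\r\n"
    "\r\n"
    "<html>...</html>"
)

if __name__ == "__main__":
    for name in missing_httponly(SAMPLE):
        print(f"session cookie without HttpOnly: {name}")
```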