Description:
The Agent Configuration Object (ACO) parameter 'UseHTTPOnlyCookies' helps protect against cross-site scripting attacks by setting the 'HTTP-Only' attribute on cookies.
Solution:
To help protect against cross-site scripting attacks, you can make the Web Agent set the HTTP-Only attribute on every cookie it creates by using the following parameter: UseHTTPOnlyCookies. Additional information on protecting data with HTTP-only cookies can be obtained from the MSDN website at:
http://msdn.microsoft.com/en-us/library/ms533046(VS.85).aspx
A new HTTPOnly attribute was introduced for cookies in Internet Explorer 6 SP1. This attribute specifies that a cookie must not be accessible through script. To correspond with this attribute, a new Agent Configuration Object (ACO) parameter, "UseHTTPOnlyCookies", was introduced in 6QMR5 HF06 to create HTTP-Only cookies in the SiteMinder Web Agent. When the value is set to YES, this parameter adds the HTTP-Only flag to all SiteMinder cookies. (Refer to Tech Document TEC486169.)
This parameter was therefore created specifically for the IE attribute.
Most other modern browsers (as of the writing of this KB article) also support the HTTP-Only flag, although it may not be enforced as strictly.
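The practical check after changing the ACO parameter is to confirm that the cookies the Web Agent actually issues carry the HttpOnly attribute. The following is an added example, not code from the KB article or from the SiteMinder product: it parses Set-Cookie header values and reports any cookie a browser script could still read. The cookie names SMSESSION and SMIDENTITY are assumed to be SiteMinder's cookie names, and the cookie values and the two sample responses are constructed; the `audit_url` helper is an added convenience that uses only the standard library.

```python
"""Audit Set-Cookie headers for the HttpOnly flag.

Added example (not part of the KB article): after setting
UseHTTPOnlyCookies=YES on the SiteMinder Web Agent, verify that the cookies
it issues really carry the HttpOnly attribute by inspecting response headers.
"""
import urllib.request
from typing import List, NamedTuple


class CookieFlags(NamedTuple):
    name: str
    http_only: bool
    secure: bool


def parse_set_cookie(header_value: str) -> CookieFlags:
    """Parse one Set-Cookie header value into its name and security flags.

    Attribute names are compared case-insensitively because servers vary in
    capitalisation ("HttpOnly", "HTTPOnly", "httponly") and browsers accept all.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return CookieFlags(name=name,
                       http_only="httponly" in attrs,
                       secure="secure" in attrs)


def cookies_missing_httponly(set_cookie_headers: List[str]) -> List[str]:
    """Names of cookies that a page script could still read via document.cookie."""
    return [c.name for c in map(parse_set_cookie, set_cookie_headers)
            if not c.http_only]


def audit_url(url: str) -> List[str]:
    """Fetch a URL and return the names of its cookies that lack HttpOnly.

    Added helper (assumed workflow): point it at a SiteMinder-protected URL
    after the agent restart to confirm the ACO change took effect.
    """
    with urllib.request.urlopen(url) as resp:          # nosec - operator-supplied URL
        headers = resp.headers.get_all("Set-Cookie") or []
    return cookies_missing_httponly(headers)


# Constructed sample responses; cookie values are placeholders, not real tokens.
BEFORE = [  # UseHTTPOnlyCookies=NO: agent cookies are script-readable
    "SMSESSION=EXAMPLE_TOKEN; Path=/; Domain=.example.com",
    "SMIDENTITY=EXAMPLE_IDENTITY; Path=/; Domain=.example.com",
]
AFTER = [   # UseHTTPOnlyCookies=YES: the flag is appended to every agent cookie
    "SMSESSION=EXAMPLE_TOKEN; Path=/; Domain=.example.com; HttpOnly",
    "SMIDENTITY=EXAMPLE_IDENTITY; Path=/; Domain=.example.com; HTTPOnly",
]

if __name__ == "__main__":
    print("before:", cookies_missing_httponly(BEFORE))   # both names listed
    print("after: ", cookies_missing_httponly(AFTER))    # empty list
```

Note that HttpOnly only stops script access to the cookie; it does not protect the cookie in transit, so the `secure` flag is reported alongside it so an operator can review both in one pass.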