Is the Agent Configuration Object (ACO) parameter 'UseHTTPOnlyCookies' specific to Microsoft Internet Explorer ? And How does it protect against cross site scripting attacks?