SN System Properties Reference
Property reference

glide.cookies.http_only

The glide.cookies.http_only property enables the generation of HTTP only cookies when set to true. This enhances security by preventing client-side scripts from accessing the cookies, making it important for protecting sensitive session data.

Default: true Type: boolean Application: Global

Key questions about this property

The answers below summarize the purpose, scope, default effect, and review scenarios for this property.

What does it do? This property determines whether HTTP only cookies are generated, which restricts access to cookies from client-side scripts.
What area does it affect? Cookie Management
What does the default mean? The default value is "true", which means this behavior is enabled by default.
When should you review it? Review this property when configuring security settings for web applications.

Out of the box property record

Raw metadata from the property record.

Property name glide.cookies.http_only
Sys ID 8ac4395e8d34021087de63ac7f1f0039
Type boolean
Application Global
Default value true
Description Enables (true) or disables (false) the generation of HTTP only cookies.
Updated 2024-05-25 04:34:23

Sources

Official references and nearby text excerpts where this property appears.

Documentation excerpt View supporting context
Context preview Snippet 1
... value of 60. Documentation sn_SE10204 1 Act Cookies HTTP Only should be enabled Session Cookies on the application authenticate an end user and provide Either update the value of the glide.cookies.http_only system property to Documentation © 2026 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the ...
Documentation excerpt View supporting context
Context preview Snippet 2
... names for product models if the name of the product model contains the manufacturer name. • Type: true | false • Default value: false • Location: System Property [sys_properties] table glide.cookies.http_only Enables (true) or disables (false) the generation of HTTP-only cookies. Set this property to false to use Approval with E-Signature. • Type: true | false • Default value: true • ...
Documentation excerpt View supporting context
Context preview Snippet 3
... in an iframe of another page. • Security Risk ◦(Old‎ <blank> ◦(New‎ This can lead to a clickjacking attack. Enable HTTP Only Cookie Flag • Description ◦(Old‎ <blank> ◦(New‎ If "glide.cookies.http_only" is not set to the recommended value of "true", then the instance does not require the HTTPOnly attribute for sensitive cookies. • Security Risk ◦(Old‎ <blank> ◦(New‎ The HTTPOnly attribute ...
Additional source link Another external reference for this property
Open reference