[&] How does the 'HTTP only' attribute enhance cookie security?
- By extending the lifespan of a cookie
- By ensuring cookies are only sent over encrypted connections
- By preventing client-side scripts from accessing cookies
- By allowing cookies to be sent in both first and third-party contexts

[&] Which of the following best describes a secure cookie?
- A cookie that never expires
- A cookie that blocks all JavaScript access
- A cookie that can be shared across multiple domains
- A cookie only transmitted over HTTPS

[&] What is the primary function of cookies in web browsers?
- To retain user information across sessions
- To prevent unauthorized access to server files
- To encrypt data being sent over the internet
- To facilitate faster loading of web pages

[&] What is required when setting the SameSite attribute mode to 'None'?
- The cookie must block JavaScript access
- The cookie must be set to expire quickly
- The cookie must be available cross-domain
- The secure attribute must be set

[&] Which cookie attribute restricts cookies from being sent with cross-site requests to help prevent CSRF attacks?
- SameSite
- Persistent
- HTTP only
- Secure

[&] What does the expiration or max age parameter control in cookies?
- How long a cookie persists before being deleted
- How frequently cookies are updated
- How secure the cookie remains over its lifespan
- How cookies are sent across domains