Chris_Hallenbec
Nov 17, 2006

iRule handling of HTTPOnly?

All,

One problem facing sites is that of XSS attacks that could steal their users' cookies. Microsoft has published an RFC for adding an additional attribute to cookies called "HTTPOnly" that stipulates to the browser that the cookie's content is not accessible to (java)scripts.

A decent description can be found here:

http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp

My question: Are there any indications of support for the HTTPOnly flag in iRules? I know you can set the "secure" flag, and that is a good start, but one more layer of protection rarely hurts!
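
One way to get the effect asked about above, as an added example that is not part of the original post and not F5's own code: an iRule that rewrites every `Set-Cookie` response header and appends `HttpOnly` where the server did not set it. It assumes only the `HTTP_RESPONSE` event and the `HTTP::header values`, `HTTP::header remove` and `HTTP::header insert` commands; the variable names and the token-matching approach are choices made for this example.

```tcl
when HTTP_RESPONSE {
    # Each cookie arrives as its own Set-Cookie header; collect them all.
    set cookies [HTTP::header values "Set-Cookie"]
    if { [llength $cookies] == 0 } { return }

    # Remove the originals so each can be re-inserted in rewritten form.
    HTTP::header remove "Set-Cookie"

    foreach cookie $cookies {
        # Check for HttpOnly as a whole attribute token. A plain substring
        # match would misfire on a cookie whose value contains "httponly".
        # Index 0 of the split is the name=value pair, so skip it.
        set has_httponly 0
        foreach attr [lrange [split $cookie ";"] 1 end] {
            if { [string tolower [string trim $attr]] eq "httponly" } {
                set has_httponly 1
                break
            }
        }

        if { !$has_httponly } {
            # Drop any trailing "; " before appending, to avoid an empty attribute.
            set cookie [string trimright $cookie "; "]
            append cookie "; HttpOnly"
        }

        HTTP::header insert "Set-Cookie" $cookie
    }
}
```

Cookies that page script legitimately reads stop working once flagged, so a deployment would exclude those by name before the append.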

 

 
