experimental/Security Features/CWE-1004/CookieWithoutHttpOnly.ql