httpOnly: true. Only possible values for
mysite2interact with the same web server (same host and IP address), the cookies will not be shared.
mysite1. Cookies isolation prevents 95%+ of CRSF attacks.