Currently, under Advance Tracking we have "Use secure cookies only" option but there is no "HttpOnly" option.
Cookies without the "HTTPOnly" attribute are permitted to be accessed via JavaScript. Cross-site scripting attacks can steal cookies which could lead to user impersonation or compromise of the application account.