How can you secure your HTTP cookies against XSS attacks?