Tell them they know better than all Authentification providers then :p More seriously, when it's about security you can't trust the browser side: anyone can get it.

Trust me I did that. Told me "Check a way to persist cookies". Unfortunately, I am new to this 😕 and my first time doing this so I don't have much say in this. I thought maybe there will be a way to get it from headers.