[Cross-Site Scripting] Implement a way to hide the cookies in drills

The cookies are held client side because the implementation was easier this way, however during SSSv11 the participants thoughts the challenges were done and didn't attempt to solve them the intended way :(.
Maybe keep them server side or only set them if the payload is right (and can't be multiple variants)?