Which of the statements listed below are true Session fixation attacks can occur when a user is assigned a session ID that was previously created by an attacker. HTTP is not susceptible to man$-$in$-$the$-$middle attacks. A HSTS header tells web browsers to only communicate with a website using encrypted connections and to never attempt to communicate with it using an insecure connection. WebAuthn can be used for passwordless authentication, eliminating the need for users to remember multiple passwords.