strict Secure cookies

Chrome 52 and Opera 39 introduced support for strict Secure cookies which is a new behavior (or more precisely, more unambiguous behavior) for the HTTP cookies with Secure flag — they can no longer be set by plaintext (non-https) websites.

So far, as result of a slightly undefined behavior in the cookie standard, the Secure cookies could not be read by plaintext HTTP websites but they could have been set by them which opened a possibility for secure deletion attacks. This change attempts to further strengthen the control over secure cookies.

WebCookies.org detects such cookies and warns about them in the general cookie report results.

Fully automated RESTful API is now available. Subscribe for your free trial today!