Chrome 52 and Opera 39 introduced support for strict Secure cookies which is a new behavior (or more precisely, more unambiguous behavior) for the HTTP cookies with Secure flag — they can no longer be set by plaintext (non-https) websites.

So far, as result of a slightly undefined behavior in the cookie standard, the Secure cookies could not be read by plaintext HTTP websites but they could have been set by them which opened a possibility for secure deletion attacks. This change attempts to further strengthen the control over secure cookies. detects such cookies and warns about them in the general cookie report results.