What is a Secure HTTP cookie?
An HTTP cookie, as defined in RFC 6265, can be set with a Secure flag, which tells the browser never to send this cookie back to the server unless the request is made over a TLS-protected https:// link. For example:
Set-Cookie: name=value; Secure
Logically, Secure cookies should only be set by TLS websites, but because a number of broken insecure (http://) websites were setting such cookies, newer browsers introduced a strict secure cookies policy, which effectively ignores any cookie with the Secure flag that is set by a non-TLS website.
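The two rules described above can be modelled in a few lines. This is an added example, not browser source code: CookieJar, store() and cookieHeader() are hypothetical names, the model matches cookies by exact host only, and the URLs used with it are constructed samples.

```javascript
// Simplified model of Secure-flag handling (added example, hypothetical names).
class CookieJar {
  constructor() { this.cookies = new Map(); } // key: "host|name"

  // Parse a Set-Cookie header value into { name, value, secure }.
  static parse(header) {
    const [pair, ...attrs] = header.split(';').map(s => s.trim());
    const eq = pair.indexOf('=');
    if (eq < 1) return null; // no usable name=value pair
    // Attribute names are case-insensitive.
    const secure = attrs.some(a => a.toLowerCase() === 'secure');
    return { name: pair.slice(0, eq), value: pair.slice(eq + 1), secure };
  }

  // Handle a Set-Cookie header received from responseUrl.
  // Returns true if the cookie was stored, false if it was ignored.
  store(responseUrl, header) {
    const url = new URL(responseUrl);
    const cookie = CookieJar.parse(header);
    if (!cookie) return false;
    // Strict secure cookies policy: Secure cookie from a non-TLS site is ignored.
    if (cookie.secure && url.protocol !== 'https:') return false;
    this.cookies.set(`${url.hostname}|${cookie.name}`, cookie);
    return true;
  }

  // Build the Cookie request header value for requestUrl.
  cookieHeader(requestUrl) {
    const url = new URL(requestUrl);
    const out = [];
    for (const [key, c] of this.cookies) {
      if (!key.startsWith(url.hostname + '|')) continue;
      // Secure flag: never send the cookie unless the request uses https://.
      if (c.secure && url.protocol !== 'https:') continue;
      out.push(`${c.name}=${c.value}`);
    }
    return out.join('; ');
  }
}
```

Storing "sid=abc; Secure" from an https:// response succeeds and the cookie is returned only on https:// requests; the same header from an http:// response is dropped by store().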