RFC 6265 can be set with a Secure flag which ...">

WebCookies logo Web Cookies Scanner

All-in-one free web application security tool. Web application vulnerability and privacy scanner with support for HTTP cookies, Flash, HTML5 localStorage, sessionStorage, CANVAS, Supercookies, Evercookies. Includes a free SSL/TLS, HTML and HTTP vulnerability scanner and URL malware scanner.

What is Secure HTTP cookie?

HTTP cookie as defined in RFC 6265 can be set with a Secure flag which tells the browser to never send this cookie back to the server unless accessed over TLS-protected https:// link. For example:

Set-Cookie: name=value; Secure

Logically, the Secure cookies should be only set by TLS websites, but due to a number of broken insecure (http://) websites setting such cookies new browsers introduced strict secure cookies policy, which effectively ignores any cookies with Secure flag set on non-TLS websites.

Fully automated RESTful API is now available. Subscribe for your free trial today!