HTTP cookie as defined in RFC 6265 can be set with a Secure flag which tells the browser to never send this cookie back to the server unless accessed over TLS-protected https:// link. For example:

Set-Cookie: name=value; Secure

Logically, the Secure cookies should be only set by TLS websites, but due to a number of broken insecure (http://) websites setting such cookies new browsers introduced strict secure cookies policy, which effectively ignores any cookies with Secure flag set on non-TLS websites.