…16 Cookie Prefixes draft-west-cookie-prefixes-05 Abstract This document updates RFC6265 by adding a set of restrictions upon the names which may be used for cookies with specific properties. These restrictions enable user agents to smuggle cookie state to the server within the co…
…P that is defined to apply to entire host domains, such as the Cookie protocol [RFC6265], can allow information set by one service to impact communication with other services within a matching group of host domains. The process for authoritative access to an "https" identified re…
…Public suffix: "A domain that is controlled by a public registry." (Quoted from [RFC6265], Section 5.3) A common definition for this term is a domain under which subdomains can be registered by third parties and on which HTTP cookies (which are described in detail in RFC6265) s…
…e quickly, thanks to the cache. Note that the Set-Cookie response header field [RFC6265] does not inhibit caching; a cacheable response with a Set-Cookie header field can be (and often is) used to satisfy subsequent requests to caches. Servers who wish to control caching of these…
…esource's host using HTTP or HTTP-over-Secure-Transport. For example, cookies ([RFC6265]) may be flagged as Secure. UAs are to send such Secure cookies to their addressed host only over a secure transport. This is in contrast to non-Secure cookies, which are returned to the host …
…e Cookies draft-ietf-httpbis-cookie-same-site-00 Abstract This document updates RFC6265 by defining a "SameSite" attribute which allows servers to assert that a cookie ought not to be sent along with cross-site requests. This assertion allows user agents to mitigate the risk of c…
… foolish for a user agent to send stored user credentials [RFC7235] or cookies [RFC6265] in a TRACE request. The final recipient of the request SHOULD exclude any request header fields that are likely to contain sensitive data when that recipient generates the response body. TRAC…