…source's host using HTTP or HTTP-over-Secure-Transport. For example, cookies ([RFC6265]) may be flagged as Secure. UAs are to send such Secure cookies to their addressed host only over a secure transport. This is in contrast to non-Secure cookies, which are returned to the host…
…ublic suffix: "A domain that is controlled by a public registry." (Quoted from [RFC6265], Section 5.3) A common definition for this term is a domain under which subdomains can be registered by third parties and on which HTTP cookies (which are described in detail in [RFC6265])…
…e-site Cookies draft-west-first-party-cookies-07 Abstract This document updates RFC6265 by defining a "SameSite" attribute which allows servers to assert that a cookie ought not to be sent along with cross-site requests. This assertion allows user agents to mitigate the risk of c…
…th a server-side session management tool or script inserting a session cookie [RFC6265] into the output to the browser. Use of Transport Layer Security (TLS) for the HTTP session is still necessary to prevent session cookie hijacking. HOBA keys are "bare keys", so there is no n…
… foolish for a user agent to send stored user credentials [RFC7235] or cookies [RFC6265] in a TRACE request. The final recipient of the request SHOULD exclude any request header fields that are likely to contain sensitive data when that recipient generates the response body. TRAC…