HTTP cookie: Difference between revisions

→‎Third-party cookie: Google Chrome postponed third-party cookie blocking to 2025
GreenC bot (talk | contribs)
Line 190:
The <code>Secure</code> attribute is meant to keep cookie communication limited to encrypted transmission, directing browsers to use cookies only via [[HTTPS|secure/encrypted]] connections. However, if a web server sets a cookie with a secure attribute from a non-secure connection, the cookie can still be intercepted when it is sent to the user by [[man-in-the-middle attack]]s. Therefore, for maximum security, cookies with the Secure attribute should only be set over a secure connection.
 
The <code>HttpOnly</code> attribute directs browsers not to expose cookies through channels other than HTTP (and HTTPS) requests. This means that the cookie cannot be accessed via client-side scripting languages (notably [[JavaScript]]), and therefore cannot be stolen easily via [[cross-site scripting]] (a pervasive attack technique).<ref name="Symantec-2007-2nd-exec">{{cite report |title=Symantec Internet Security Threat Report: Trends for July–December 2007 (Executive Summary) |publisher=Symantec Corp. |volume=XIII |pages=1–3 |date=April 2008 |url=http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_exec_summary_internet_security_threat_report_xiii_04-2008.en-us.pdf |access-date=May 11, 2008 |archive-url=https://web.archive.org/web/20080625065121/http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_exec_summary_internet_security_threat_report_xiii_04-2008.en-us.pdf |archive-date=June 25, 2008 |url-status=livedead}}</ref>
 
==Browser settings==
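Review bot: In the Symantec cite report reference at the end of the HttpOnly paragraph, url-status=livedead is not a single valid value, and the parameter accepts only one. Since archive-url and archive-date are both set, use url-status=dead if the original eval.symantec.com link no longer resolves, or url-status=live if it still does, so the template knows which of the two URLs to present as the primary link.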