%% You should probably cite draft-ietf-httpbis-cookie-alone instead of this I-D. @techreport{west-leave-secure-cookies-alone-00, number = {draft-west-leave-secure-cookies-alone-00}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-west-leave-secure-cookies-alone/00/}, author = {Mike West}, title = {{Deprecate modification of 'secure' cookies from non-secure origins}}, pagetotal = 4, year = 2015, month = oct, day = 6, abstract = {This document updates RFC6265 by removing the ability for a non- secure origin to set cookies with a 'secure' flag, and to overwrite cookies whose 'secure' flag is set. This deprecation improves the isolation between HTTP and HTTPS origins, and reduces the risk of malicious interference.}, }