Secure
Adding the Secure parameter ensures the cookie is only transmitted over HTTPS and is not sent over unencrypted HTTP connections:
document.cookie = 'name=Flavio; Secure;'
Note that this only protects the cookie in transit; it does not make cookies secure, so avoid storing sensitive information in cookies.
HttpOnly
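A useful parameter is HttpOnly, which makes cookies inaccessible via the document.cookie API so they can only be set and read by the server. For that reason the attribute has to be sent by the server in a Set-Cookie response header; browsers ignore a cookie that a script tries to set with HttpOnly through document.cookie:
Set-Cookie: name=Flavio; Secure; HttpOnly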
SameSite
SameSite allows servers to require that a cookie is only sent on same-site requests (where the request origin matches the cookie domain), which helps reduce the risk of CSRF (Cross-Site Request Forgery) attacks.