Simon Willison’s Weblog

Subscribe

Saturday, 7th April 2018

Cookies-over-HTTP Bad (via) Mike West from the Chrome security team proposes a way for browsers to start discouraging the use of tracking cookies sent over HTTP—which represent a significant threat to user privacy from network attackers. It’s a clever piece of thinking: browsers would slowly ramp up the forced expiry deadline for non-HTTPS cookies, further encouraging sites to switch to HTTPS cookies while giving them ample time to adapt.

# 2:39 pm / cookies, https, privacy

2018 » April

MTWTFSS
      1
2345678
9101112131415
16171819202122
23242526272829
30