Secure
The Secure flag ensures that the cookie is only transmitted over an encrypted connection: the browser sends the cookie along with a request only if a secure HTTPS connection to the host is available. The default value of this flag is false, so it has to be activated by using the following generation command (PHP):
setcookie($name, $value, $expire, $path, $domain, true, $httponly);
country=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=doka.com
[https://www.doka.com/de-ch/index/]
HttpOnly
With the HttpOnly flag set, cookies cannot be read or modified by embedded JavaScript. The default value of this flag is false, so it has to be activated by using the following generation command (PHP):
setcookie($name, $value, $expire, $path, $domain, $secure, true);
country=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=doka.com
[https://www.doka.com/de-ch/index/]
SameSite
The SameSite flag prevents the browser from sending a cookie along with cross-site requests. It can be set to strict or lax. Strict means that the cookie will not be available after leaving a site, so it is not sent on any request that comes from another site (used on bank websites). Lax only withholds the cookie on CSRF-prone request methods (e.g. POST), so it is often a reasonable balance between security and usability. To integrate this flag using PHP (7.3 or later), the attribute is passed in the options array that setcookie() accepts as its third argument; the positional parameter list has no slot for it.
setcookie($name, $value, ['expires' => $expire, 'path' => $path, 'domain' => $domain, 'secure' => $secure, 'httponly' => $httponly, 'samesite' => 'Lax']);
country=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=doka.com
[https://www.doka.com/de-ch/index/]
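The three checks described above can be run against any Set-Cookie header value. The following is an added example, not part of the original text; the function names are hypothetical, and the second sample cookie is constructed to show a passing result.

```python
# Added example: audit a Set-Cookie header value for the three flags above.
SAMESITE_ALLOWED = {"strict", "lax"}  # the two values the text describes


def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, value, attributes dict).

    Attribute names are lower-cased because they are case-insensitive;
    flag attributes without a value (Secure, HttpOnly) map to True.
    """
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def missing_flags(header_value):
    """Return the names of the protective flags the cookie lacks."""
    _, _, attrs = parse_set_cookie(header_value)
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    # SameSite counts as set only with one of the values named in the text.
    if str(attrs.get("samesite", "")).lower() not in SAMESITE_ALLOWED:
        missing.append("SameSite")
    return missing


# Cookie line quoted in the text above.
OBSERVED = ("country=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; "
            "Max-Age=0; path=/; domain=doka.com")
# Constructed sample: the same cookie with all three flags set.
HARDENED = OBSERVED + "; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for label, header in (("observed", OBSERVED), ("hardened", HARDENED)):
        print(label, "missing:", missing_flags(header) or "none")
```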