I am aware of that, and it's not what I'm talking about. That has to be set by the site to be effective.
I'm suggesting a global setting in the browser that means it won't send any cookies to any plain HTTP site, regardless of what the site says.
If enough people enabled an option like this, sites would have to move to HTTPS if they wanted to reliably use cookies, which doesn't seem problematic.
I'm suggesting a global setting in the browser that means it won't send any cookies to any plain HTTP site, regardless of what the site says.
If enough people enabled an option like this, sites would have to move to HTTPS if they wanted to reliably use cookies, which doesn't seem problematic.