THREATOPS
THREAT OPSThreat News › Cookie Chaos: How to bypass __Host and __Secure cookie prefixes

Cookie Chaos: How to bypass __Host and __Secure cookie prefixes

infoportswigger_researchPublished 2025-09-03

Browsers added cookie prefixes to protect your sessions and stop attackers from setting harmful cookies. In this post, you’ll see how to bypass cookie defenses using discrepancies in browser and serve

Original source: https://portswigger.net/research/cookie-chaos-how-to-bypass-host-and-secure-cookie-prefixes