Definition 1
This isn’t a security header per se, but there are three different options for cookies that you should be aware of.
Cookies marked as Secure will only be sent over HTTPS. This prevents a man-in-the-middle (MitM) attacker from reading the cookie by forcing the browser to load a plain-HTTP page.
Django solution (if using HTTPS)
Django session cookies are HttpOnly by default. To mark them Secure as well, set in settings.py:
SESSION_COOKIE_SECURE = True
Not sure about SameSite.
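To check which of the three cookie options a response actually sets, here is an added example (not from the original page or from Django itself) that audits Set-Cookie header values. The sample headers are constructed to mimic a Django session cookie with SESSION_COOKIE_SECURE left False and then set to True, plus a CSRF cookie with no protections; the function and cookie values are assumptions for illustration.

```python
"""Audit Set-Cookie header values for the Secure, HttpOnly and SameSite attributes."""

# Constructed sample headers (not captured from a real site). The first mimics a
# Django session cookie with SESSION_COOKIE_SECURE = False, the second the same
# cookie with SESSION_COOKIE_SECURE = True, the third a CSRF cookie with no flags.
SAMPLE_HEADERS = [
    "sessionid=abc123; HttpOnly; Path=/; SameSite=Lax",
    "sessionid=abc123; HttpOnly; Path=/; SameSite=Lax; Secure",
    "csrftoken=def456; Path=/",
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased; flag attributes without a value (Secure,
    HttpOnly) map to True. Splitting on ';' is safe because RFC 6265 forbids
    semicolons inside cookie values.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return name.strip(), value.strip(), attrs


def missing_cookie_protections(header_value):
    """Return (cookie name, list of the three protections that are absent).

    SameSite=None is reported as missing: it is an explicit opt-out of the
    cross-site restriction, so it offers none of the protection Lax/Strict do.
    """
    name, _value, attrs = parse_set_cookie(header_value)
    missing = []
    if attrs.get("secure") is not True:
        missing.append("Secure")
    if attrs.get("httponly") is not True:
        missing.append("HttpOnly")
    samesite = attrs.get("samesite")
    if not isinstance(samesite, str) or samesite.lower() not in ("lax", "strict"):
        missing.append("SameSite")
    return name, missing


def audit(headers):
    """Audit a list of Set-Cookie values; returns one (name, missing) pair each."""
    return [missing_cookie_protections(h) for h in headers]


if __name__ == "__main__":
    for cookie_name, missing in audit(SAMPLE_HEADERS):
        print(f"{cookie_name}: {'ok' if not missing else 'missing ' + ', '.join(missing)}")
```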