I tried to secure (javascript) cookies with poor success. I made three rule sets with different target host attributes to test https://www.fortum.com. I was expecting that cookies were secured in all of these tests. Not sure if test case 1 is a defect or intended behaviour but at least Chrome is acting strange. Here are the results: FIREFOX ``` Test 1) <target host="www.fortum.com"> <target host="fortum.com"> Cookies: Host: www.fortum.com Name: Sitester_Nth1328 [Secured] Domain: .fortum.com Name: __utma [Not secured] Test 2) <target host="*.fortum.com"> <target host="fortum.com"> Cookies: Host: www.fortum.com Name: Sitester_Nth1328 [Secured] Domain: .fortum.com Name: __utma [Secured] Test 3 ) <target host=".fortum.com"> # validation error but works as a local rule <target host="fortum.com"> <target host="www.fortum.com"> Cookies: Host: www.fortum.com Name: Sitester_Nth1328 [Secured] Domain: .fortum.com Name: __utma [Secured] ``` CHROME ``` Test 4) <target host="www.fortum.com"> <target host="fortum.com"> Cookies: Domain: www.fortum.com Name: Sitester_nth1382 [Not secured] Domain: .www.fortum.com Name: Sitester_nth1382 [Secured] Domain: .fortum Name: __utma [Not secured] Test 5) <target host="*.fortum.com"> <target host="fortum.com"> Cookies: Domain: www.fortum.com Name: Sitester_nth1382 [Not secured] Domain: .www.fortum.com Name: Sitester_nth1382 [Secured] Domain: .fortum Name: __utma [Not secured] ``` **Trac**: **Username**: mikkoharhanen