What do the `__Host-` and `__Secure-` cookie name prefixes guarantee, and why use them?
These are browser-enforced naming conventions (the cookie-prefixes rules of RFC 6265bis) that bind an integrity guarantee to the cookie's name. A cookie whose name starts with `__Secure-` is accepted only if it was set with the `Secure` attribute, which means it can only have been set over HTTPS. The `__Host-` prefix is stricter: the cookie must have `Secure`, must not carry a `Domain` attribute (so it is bound to the exact host that set it and is not shared with subdomains), and must have `Path=/`. The browser discards any `Set-Cookie` that violates these rules.

Why this matters: a cookie carries no record of which origin set it, so a server reading a cookie named `session` cannot tell whether it came from itself or from a compromised or sibling subdomain that injected or overwrote it (cookie tossing), or from a plaintext HTTP response forged on the network. With `__Host-`, the mere presence of the cookie in the request proves to the server that the browser applied those constraints when it stored it. Prefer `__Host-` for sensitive cookies such as session IDs and CSRF tokens; it complements `HttpOnly` (blocks JavaScript access) and `SameSite` (restricts cross-site sending) rather than replacing them. Note that the check is done by the browser, not the server: server code still validates the cookie's value as untrusted input, and it must read the cookie under its full prefixed name.
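To make the acceptance rules concrete, here is an added example (not code from the page, and not any browser's implementation) that parses a `Set-Cookie` header value and applies the `__Secure-` and `__Host-` rules described above. The sample headers are constructed for illustration; `example.com` is a placeholder domain. It goes slightly beyond the text by also showing that a cookie without a prefix is subject to no prefix rule at all.

```python
"""Model of the browser-side acceptance check for cookie name prefixes.

Added example, not taken from the page or from any browser. It applies the
cookie-prefix rules of RFC 6265bis: a `__Secure-` cookie needs the Secure
attribute; a `__Host-` cookie needs Secure, no Domain attribute, and Path=/.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class ParsedCookie:
    name: str
    value: str
    attrs: dict  # lower-cased attribute name -> value (None for flag attributes)


def parse_set_cookie(header: str) -> ParsedCookie:
    """Split a Set-Cookie header value into its name, value and attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, sep, value = parts[0].partition("=")
    if not sep or not name.strip():
        raise ValueError("malformed cookie pair")
    attrs = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, has_value, val = attr.partition("=")
        # Attribute names are case-insensitive; flags like Secure have no value.
        attrs[key.strip().lower()] = val.strip() if has_value else None
    return ParsedCookie(name.strip(), value.strip(), attrs)


def prefix_violation(cookie: ParsedCookie) -> Optional[str]:
    """Return why a browser would reject the cookie, or None if it is accepted."""
    attrs = cookie.attrs
    if cookie.name.startswith("__Host-"):
        if "secure" not in attrs:
            return "__Host- cookie lacks Secure"
        if "domain" in attrs:
            return "__Host- cookie must not set Domain"
        if attrs.get("path") != "/":
            return "__Host- cookie must set Path=/"
        return None
    if cookie.name.startswith("__Secure-"):
        if "secure" not in attrs:
            return "__Secure- cookie lacks Secure"
        return None
    return None  # no prefix: no prefix rule applies


def browser_accepts(header: str) -> bool:
    """True if the header passes the prefix rules (other cookie rules not modelled)."""
    return prefix_violation(parse_set_cookie(header)) is None


# Constructed sample Set-Cookie headers (placeholder values, not from a real site)
SAMPLES = {
    "__Host-session=abc123; Secure; Path=/; HttpOnly; SameSite=Lax": True,
    "__Host-session=abc123; Secure; Path=/; Domain=example.com": False,
    "__Host-session=abc123; Secure; Path=/app": False,
    "__Host-session=abc123; Path=/": False,
    "__Secure-id=xyz; Secure; Domain=example.com": True,
    "__Secure-id=xyz; Domain=example.com": False,
    "session=abc123": True,
}


def check_samples() -> dict:
    """Evaluate every sample header; returns header -> accepted?"""
    return {header: browser_accepts(header) for header in SAMPLES}


if __name__ == "__main__":
    for header in SAMPLES:
        cookie = parse_set_cookie(header)
        verdict = "accept" if browser_accepts(header) else "reject"
        print(f"{verdict:6}  {header}  ({prefix_violation(cookie) or 'ok'})")
```

Running the script prints a verdict per sample; the second `__Host-` line is rejected for the `Domain` attribute alone even though it is otherwise well formed, which is exactly the subdomain-isolation property the prefix exists to provide.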