Secure parameter makes sure the cookie can only be transmitted securely over HTTPS, and it will not be sent over unencrypted HTTP connections:
document.cookie = 'name=Flavio; Secure;'
Note that this does not make cookies secure in any way - always avoid adding sensitive information to cookies
One useful parameter is
HttpOnly, which makes cookies inaccessible via the
document.cookie API, so they are only editable by the server:
document.cookie = 'name=Flavio; Secure; HttpOnly'
SameSite lets servers require that a cookie is not sent on cross-site requests, but only on resources that have the cookie domain as the origin, which should be a great help towards reducing the risk of CSRF (Cross Site Request Forgery) attacks.