This question has been asked and answered multiple times in this forum, see e.g. Security: __Host-Prefix cookie setting?