not only are they not marked secure, but a lot of them are set to linkedin.com meaning they are sent with requests to x.linkedin.com.

considering a lot of their subdomains are still hijacked at this point those cookies are being sent to them