These three flags block script access to reduce XSS theft, force HTTPS, and mitigate CSRF — Domain, Path, and Max-Age only scope reach and lifetime, Priority, Partitioned, and Size tune storage, and Public, Private, and no-store are Cache-Control directives rather than cookie security flags.
Official docs