should Cookie requests be https?

[Michaell]

The ones for this forum are. But I'm using a site that is showing as not secure, and I noticed almost all cookie requests, which it has a lot of, are via http. Did not see password included, just stuff like user ID, user name, session ID and other minor stuff. But I was wondering if cookie requests via http cause the insecure mixed content rating. I have uMatrix set for https only but still getting this mixed insecure result nonetheless for what that's worth.