diff --git a/system/HTTP/ResponseTrait.php b/system/HTTP/ResponseTrait.php
index 2d4295116807..45f07d186170 100644
--- a/system/HTTP/ResponseTrait.php
+++ b/system/HTTP/ResponseTrait.php
@@ -670,7 +670,7 @@ private function dispatchCookies(): void
 foreach ($this->cookieStore->display() as $cookie) {
 if ($cookie->isSecure() && ! $request->isSecure()) {
- throw SecurityException::forDisallowedAction();
+ throw SecurityException::forInsecureCookie();
 }
 $name = $cookie->getPrefixedName();
diff --git a/system/Language/en/Security.php b/system/Language/en/Security.php
index 145abaab71e7..fd906e378a29 100644
--- a/system/Language/en/Security.php
+++ b/system/Language/en/Security.php
@@ -14,6 +14,7 @@
 // Security language settings
 return [
 'disallowedAction' => 'The action you requested is not allowed.',
+ 'insecureCookie' => 'Attempted to send a secure cookie over a non-secure connection.',
 // @deprecated
 'invalidSameSite' => 'The SameSite value must be None, Lax, Strict, or a blank string. Given: "{0}"',
diff --git a/system/Security/Exceptions/SecurityException.php b/system/Security/Exceptions/SecurityException.php
index 16383fc25bfc..ed1d76825036 100644
--- a/system/Security/Exceptions/SecurityException.php
+++ b/system/Security/Exceptions/SecurityException.php
@@ -20,6 +20,7 @@ class SecurityException extends FrameworkException implements HTTPExceptionInter
 {
 /**
 * Throws when some specific action is not allowed.
+ * This is used for CSRF protection.
 *
 * @return static
 */
@@ -28,6 +29,15 @@ public static function forDisallowedAction()
 return new static(lang('Security.disallowedAction'), 403);
 }
+ /**
+ * Throws if a secure cookie is dispatched when the current connection is not
+ * secure.
+ */
+ public static function forInsecureCookie(): static
+ {
+ return new static(lang('Security.insecureCookie'));
+ }
+
 /**
 * Throws when the source string contains invalid UTF-8 characters.
 *
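Review bot: The replaced throw still fires from inside the per-cookie loop, so if an earlier iteration has already emitted its cookie header, a later Secure cookie on a non-secure request leaves the response partially dispatched; the rest of dispatchCookies() is outside the hunk, so whether emission happens before this point is inferred rather than visible. Validating every cookie from `$this->cookieStore->display()` before emitting any would make the failure atomic. A short comment above the check, `// Never emit a Secure cookie over plain HTTP; fail loudly rather than silently skipping it`, would also tell a reader why this is an exception and not a skip.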
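Review bot: `forInsecureCookie()` passes no code to `new static(...)`, while the `forDisallowedAction()` it replaces in ResponseTrait::dispatchCookies() passes 403, so the status that SecurityException (an HTTPExceptionInterface) reports for this failure changes with the commit; the default code is not visible in the hunk. Because the condition is a server-side misconfiguration rather than a client fault, dropping 403 may be deliberate, but it should be explicit: either keep the status, `return new static(lang('Security.insecureCookie'), 403);`, or record the decision in the new docblock, e.g. `Unlike forDisallowedAction(), no 403 status is set: the condition is a server misconfiguration, not a client error.` The same applies to the `// @deprecated` neighbourhood in the Security.php hunk only insofar as the new message key is what this factory reads.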
diff --git a/tests/system/HTTP/ResponseSendTest.php b/tests/system/HTTP/ResponseSendTest.php
index a4cc67765d3d..6159ee1140ba 100644
--- a/tests/system/HTTP/ResponseSendTest.php
+++ b/tests/system/HTTP/ResponseSendTest.php
@@ -162,14 +162,11 @@ public function testRedirectResponseCookies(): void
 /**
 * Make sure secure cookies are not sent with HTTP request
- *
- * @ runInSeparateProcess
- * @ preserveGlobalState disabled
 */
 public function testDoNotSendUnSecureCookie(): void
 {
 $this->expectException(SecurityException::class);
- $this->expectExceptionMessage('The action you requested is not allowed');
+ $this->expectExceptionMessage('Attempted to send a secure cookie over a non-secure connection.');
 $request = $this->createMock(IncomingRequest::class);
 $request->method('isSecure')->willReturn(false);
diff --git a/user_guide_src/source/changelogs/v4.5.2.rst b/user_guide_src/source/changelogs/v4.5.2.rst
index d578360b720a..8824d3c72b96 100644
--- a/user_guide_src/source/changelogs/v4.5.2.rst
+++ b/user_guide_src/source/changelogs/v4.5.2.rst
@@ -18,6 +18,8 @@ BREAKING
 Message Changes
 ***************
+ - Added ``Security.insecureCookie`` message.
+
 *******
 Changes
 *******
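Review bot: The new `expectExceptionMessage()` hard-codes the English text, duplicating the string that now lives in system/Language/en/Security.php, so any rewording of the language entry breaks this test without a behaviour change; `$this->expectExceptionMessage(lang('Security.insecureCookie'));` ties the assertion to the key the exception actually reads. The test also does not pin the exception code, which the commit changes by no longer passing 403 in the new factory; an `expectExceptionCode()` with the intended status would make that contract explicit. The body of testDoNotSendUnSecureCookie() continues past the end of the hunk.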