diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py
index 7ec927447c6..73acbc718a1 100644
--- a/Lib/http/cookies.py
+++ b/Lib/http/cookies.py
@@ -330,8 +330,8 @@ class Morsel(dict):
         "comment"  : "Comment",
         "domain"   : "Domain",
         "max-age"  : "Max-Age",
-        "secure"   : "secure",
-        "httponly" : "httponly",
+        "secure"   : "Secure",
+        "httponly" : "HttpOnly",
         "version"  : "Version",
     }
 
diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py
index 7c0e01b075f..ee30f174808 100644
--- a/Lib/test/test_http_cookies.py
+++ b/Lib/test/test_http_cookies.py
@@ -114,7 +114,7 @@ def test_set_secure_httponly_attrs(self):
         C['Customer']['secure'] = True
         C['Customer']['httponly'] = True
         self.assertEqual(C.output(),
-            'Set-Cookie: Customer="WILE_E_COYOTE"; httponly; secure')
+            'Set-Cookie: Customer="WILE_E_COYOTE"; HttpOnly; Secure')
 
     def test_secure_httponly_false_if_not_present(self):
         C = cookies.SimpleCookie()
@@ -145,7 +145,7 @@ def test_extra_spaces(self):
         C = cookies.SimpleCookie()
         C.load('eggs  =  scrambled  ;  secure  ;  path  =  bar   ; foo=foo   ')
         self.assertEqual(C.output(),
-            'Set-Cookie: eggs=scrambled; Path=bar; secure\r\nSet-Cookie: foo=foo')
+            'Set-Cookie: eggs=scrambled; Path=bar; Secure\r\nSet-Cookie: foo=foo')
 
     def test_quoted_meta(self):
         # Try cookie with quoted meta-data
diff --git a/Misc/NEWS b/Misc/NEWS
index 5dbee3e8b22..be172f1a9bb 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -203,6 +203,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #23250: In the http.cookies module, capitalize "HttpOnly" and "Secure"
+  as they are written in the standard.
+
 - Issue #23063: In the disutils' check command, fix parsing of reST with code or
   code-block directives.