
It would be nice if web browsers had an option to "only send cookies on HTTPS".

Also: "MEMORY HOLE"? Someone seriously approved that as a code name?



Already available, secure cookies: https://www.owasp.org/index.php/SecureFlag


I am aware of that, and it's not what I'm talking about. That has to be set by the site to be effective.

I'm suggesting a global setting in the browser that means it won't send any cookies to any plain HTTP site, regardless of what the site says.

If enough people enabled an option like this, sites would have to move to HTTPS if they wanted to reliably use cookies, which doesn't seem problematic.
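Added example, not part of the thread and not any browser's code: a toy cookie jar contrasting the site-set `Secure` attribute with the global browser option proposed in the comment above. The `httpsOnlyCookies` option, the cookie names and the hosts are assumptions made for illustration; path, expiry and SameSite handling are left out.

```javascript
// Constructed cookie jar: only "session" was marked Secure by its site.
const jar = [
  { name: "session", value: "abc", domain: "shop.example", secure: true },
  { name: "prefs", value: "dark", domain: "shop.example", secure: false },
  { name: "tracker", value: "42", domain: "news.example", secure: false },
];

// Returns the names of the cookies that would be attached to a request for `url`.
// `httpsOnlyCookies` is the hypothetical global browser setting, not a real option.
function cookiesToSend(jar, url, { httpsOnlyCookies = false } = {}) {
  const { protocol, hostname } = new URL(url);
  const isHttps = protocol === "https:";

  // Global policy: no cookie leaves over plain HTTP, whatever the site set.
  if (httpsOnlyCookies && !isHttps) return [];

  return jar
    // Simplified domain match: exact host or a subdomain of the cookie's domain.
    .filter((c) => hostname === c.domain || hostname.endsWith("." + c.domain))
    // Per-cookie Secure attribute: protects only the cookies the site marked.
    .filter((c) => isHttps || !c.secure)
    .map((c) => c.name);
}

// Plain HTTP request: the Secure flag alone still lets unmarked cookies out.
console.log(cookiesToSend(jar, "http://shop.example/"));
console.log(cookiesToSend(jar, "http://shop.example/", { httpsOnlyCookies: true }));
// HTTPS request: both modes send the same cookies.
console.log(cookiesToSend(jar, "https://shop.example/", { httpsOnlyCookies: true }));
```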


That's a setting for webservers to set on cookies.



