When you search in Google for user cookies top results are VPN services that say that it’s used by ISP to track the users. Wikipedia Supercookie say nothing about HTTP headers and what exactly are super cookies.
I’m interested what the subdomain can do to harm the domain. Are supercookies the same as HSTS supercookies as describe in this question What are HSTS Super Cookies?
I was suggested by some person when we were discussing scheme.org that will act like umbrella for different subdomains that the domain should be reported to https://publicsuffix.org/ otherwise subdomain can steal login cookies, this is unlikely because in one article (at some VPN company) I read that those are not actually cookies only HTTP headers.
So can someone explain what are exactly super cookies and what potential attacker can do to harm the domain? Or what are any vector attacks the evil person can do with super cookies?