Set-Cookie HTTP Header

Set-Cookie

A cookie sent from the server to be set on the client

Multiple Allowed

This header can occur multiple times in a response.

Accepted Values

A cookie has a name and value, and is then followed by an optional number of options, each seperated by a semi-colon.
<name>=<value>

Cookie name and value. The value can be enclosed in double quotes, and must only contain ASCII characters (excluding control, space, quotes, comma, semi-colon, and backslashes.

domain

The domain to which the cookie is applied.

expires=<date>

The date at which the cookie expires.

expires=<day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
httponly

Prevent JavaScript from accessing the cookie.

max-age=<integer>

The number of seconds until the cookie expires.

max-age=4
path

The path on the domain to which the cookie is applied.

samesite=<option>

Control whether cookies are sent with cross-domain requests

Options:

  • strict

    The cookie is sent only for same-domain requests.
  • lax

    The cookie is sent when navigating to the site from an external resource, but is not sent on cross-domain requests.
  • none

    The cookie sent for cross-domain and same-domain requests.
secure

The cookie is only sent over https.

Example

Set-Cookie: login=logintoken; Expires=Mon, 1 Oct 2021 03:04:005 GMT, Domain=apple.com

Parse

Enter a Set-Cookie header below to parse and return details about it.

Reference

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie