HTTP headers :: Set-Cookie

Home » Blog » Internet » HTTP headers :: Set-Cookie

The HTTP Set-Cookie is a response header and used to send cookies from the server to the user agent. So the user agent can send them back to the server later so the server can detect the user.


Set-Cookie: <cookie-name>=<cookie-value> | Expires=<date> 
               | Max-Age=<non-zero-digit> | =<domain-value>
               | Path=<path-value> | SameSite=Strict|Lax|none

Note: Using multiple directives are also possible.


  • <cookie-name>=<cookie-value>: The cookie name have to avoid this character ( ) @, ; : \ ” / [ ] ? = { } plus control , spaces, and tabs. It can be any US- characters.
  • Expires=<date>: It is an optional directive that contains the expiry date of the cookie.
  • Max-Age=<non-zero-digit>: It contains the life span in a digit of seconds format, zero or negative value will make the cookie expired immediately.
  • Domain=<domain-value>: This directive defines the host where the cookie will be sent. It is an optional directive.
  • Path=<path-value>: This directive define a path that must exist in the requested , else the browser can’t send the cookie header.
  • SameSite=Strict|Lax|none: This directives providing some protection against cross-site request forgery attacks.


  • This types cookies were removed when the user shut down the system this types of cookies known as a session cookie.Set-Cookie: sessionId=38afes7a8
  • Permanent cookies expire on some specific dateset-cookie: 1P_JAR=2019-10-24-18; expires=…; SameSite=none

To check this Set-Cookie in action go to Inspect Element ->  check the response header for Set-Cookie.

Supported Browsers: The browsers compatible with HTTP header Set-Cookie are listed below:

Leave a Comment

%d bloggers like this:
Read previous post:
What is Ethernet?

Ethernet, pronounced "E-thernet" (with a long "e"), is the standard way to connect computers on a network over a wired connection. It provides a...