HTTP headers :: Set-Cookie

Home » Blog » Internet » HTTP headers :: Set-Cookie

The  Set-Cookie is a response header and used to send cookies from the to the user agent. So the user agent can send them back to the server later so the server can detect the user.


Set-Cookie: <cookie-name>=<cookie-value> | Expires=<date> 
               | Max-Age=<non-zero-digit> | Domain=<domain-value>
               | Path=<path-value> | SameSite=Strict|Lax|none

Note: Using multiple directives are also possible.


  • <cookie-name>=<cookie-value>: The cookie name have to avoid this character ( ) @, ; : \ ” / [ ] ? = { } plus control , spaces, and tabs. It can be any US-ASCII characters.
  • Expires=<date>: It is an optional directive that contains the expiry date of the cookie.
  • Max-Age=<non-zero-digit>: It contains the life span in a digit of seconds , zero or negative value will make the cookie expired immediately.
  • Domain=<domain-value>: This directive defines the host where the cookie will be sent. It is an optional directive.
  • Path=<path-value>: This directive define a path that must exist in the requested URL, else the can’t send the cookie header.
  • SameSite=Strict|Lax|none: This directives providing some protection against cross-site request forgery attacks.


  • This types cookies were removed when the user shut down the system this types of cookies known as a session cookie.Set-Cookie: sessionId=38afea21a8
  • Permanent cookies expire on some specific dateset-cookie: 1P_JAR=2020-11-11-18; expires=…; SameSite=none

Supported Browsers: The browsers compatible with HTTP header Set-Cookie are listed below:

Leave a Comment

%d bloggers like this:
Read previous post:
What Is a Browser Cache?

So you've just finished redesigning your website. You're excited, it looks great, and you're patting yourself on the back. Before you...