Set-Cookie
The server instructs the client to store a cookie. Attributes can include HttpOnly, Secure, SameSite, and Max-Age.
Response
Syntax
Set-Cookie: <name>=<value>[; <attr>]*
Example values
| Value | Explanation |
|---|---|
| session=abc123; Path=/; HttpOnly; Secure; SameSite=Strict | Secure session cookie |
| pref=dark; Max-Age=31536000 | Preference, 1 year |
cURL usage
curl -i https://example.com/login # Inspect Set-Cookie in response
Common mistakes
Missing HttpOnly for session cookies; SameSite=None without Secure.
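Checking for these mistakes
The following is an added example, not part of the original reference: a small parser that splits a Set-Cookie value per the syntax above and flags the two mistakes listed. The set of names treated as session cookies and all sample headers other than the two example values are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie header values for the two common mistakes.
SESSION_NAMES = {"session", "sessionid", "sid"}  # assumption: names treated as session cookies


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, cookie_value, attrs).

    Attribute names are case-insensitive, so they are lower-cased;
    flag attributes such as HttpOnly map to an empty string.
    """
    first, *rest = value.split(";")
    # Only the first "=" separates name from value; later ones belong to the value.
    name, _, cookie_value = first.strip().partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs


def audit_set_cookie(value, session_names=SESSION_NAMES):
    """Return a list of findings for one Set-Cookie header value."""
    name, _, attrs = parse_set_cookie(value)
    findings = []
    if name.lower() in session_names and "httponly" not in attrs:
        findings.append("session cookie without HttpOnly")
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure")
    return findings


# Sample headers: the first two are the example values above, the rest are constructed.
SAMPLES = [
    "session=abc123; Path=/; HttpOnly; Secure; SameSite=Strict",
    "pref=dark; Max-Age=31536000",
    "session=abc123; Path=/; Secure",
    "track=1; SameSite=None",
    "sid=xyz; samesite=NONE; httponly",
]

if __name__ == "__main__":
    for header in SAMPLES:
        findings = audit_set_cookie(header)
        print("FAIL" if findings else "ok  ", header, findings)
```

Each Set-Cookie header in a response carries one cookie, so run the check once per header line rather than on a joined string.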