API Pricing RU Sign In

Site Analysis

HTTP Headers Advanced Health Score PageSpeed Security Redirect Chain Broken Links HTTP/2 & HTTP/3

Domain & DNS

DNS DNS Propagation WHOIS SSL CMS Detector

Network

Ping Traceroute IP ASN Lookup IP/CIDR Calculator

Security

Spam Lists RKN Check IP Abuse Check DKIM Generator Email Deliverability Mixed Content SEO Audit Schema Checker Site Comparison

SEO & AI

Robots.txt AI Readiness llms.txt Keywords

Utilities

Formatter Cron Tester JWT Decoder TTL Calculator Batch Heartbeat Status Pages

Information

API Documentation Articles Pricing Help Contact

RU Sign In Sign Up

Home / HTTP Headers / Set-Cookie

← All HTTP Headers

Response

Set-Cookie

Sends a cookie from the server to the browser for session management, tracking, and personalization.

Syntax

Set-Cookie: &lt;name&gt;=&lt;value&gt;; Path=/; Secure; HttpOnly; SameSite=Lax

Example

Set-Cookie: session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=86400

Description

Set-Cookie sends cookies to the browser. Enables session management, preferences, and tracking.

Key attributes: Secure (HTTPS only), HttpOnly (no JS access), SameSite (Strict/Lax/None), Path, Domain, Max-Age.

For security: always use Secure; HttpOnly; SameSite=Lax for session cookies. Never store sensitive data directly.

Check if your website sends this header correctly

Check your headers →

The Complete HTTP Request Lifecycle: From URL to Rendered Page

Trace every step of an HTTP request from typing a URL to seeing a rendered page. DNS, TCP, TLS, HTTP, rendering — understand the full journey.

CDN: How It Works and Why You Need It

How Content Delivery Networks work: edge servers, caching, anycast routing. When you need a CDN and how to choose one.

Cookie Security Flags: HttpOnly, Secure, SameSite

Understanding cookie security flags: HttpOnly, Secure, SameSite. How to protect user sessions from XSS, CSRF, and interception attacks.

Related Headers

Connection

Controls whether the network connection stays open after the current transaction finishes.

Content-Disposition

Indicates whether the response should be displayed inline or downloaded as a file attachment.

Content-Encoding

Specifies the compression algorithm applied to the response body, such as gzip or brotli.

Content-Length

Specifies the size of the response body in bytes.

Content-Type

Indicates the media type of the response body, telling the browser how to interpret and display the content.

Date

Indicates the date and time at which the response was generated by the server.

Start monitoring for free

Create Account API Documentation

⚡

enterno.io

Website monitoring and analysis tools

Site Analysis HTTP Headers Advanced Health Score PageSpeed Security Redirect Chain Broken Links HTTP/2 & HTTP/3

Domain & DNS & Network DNS Lookup DNS Propagation WHOIS SSL Check CMS Detector Ping & Ports Traceroute IP Geolocation ASN Lookup IP/CIDR Calculator

Security Spam Lists RKN Check IP Abuse Check DKIM Generator Email Deliverability Mixed Content

SEO & AI & Utilities Robots.txt AI Readiness llms.txt Keywords SEO Audit Schema Checker Site Comparison Formatter Cron Tester JWT Decoder TTL Calculator Batch Check

Service API Documentation Pricing Help Compare Articles HTTP Headers Reference HTTP Status Codes Contact Privacy Policy Terms of Service Heartbeat Status Pages

PHP 8.4 · Hosting: Russia