Set Response Cookie

With this behavior enabled, you can set a cookie to send with the response to the client.

How it works

There are two types of cookies you can set. You can either predetermine the cookie value or you can set the value as a unique stamp.

  • A fixed cookie that you can specify in this interface. The cookie is set on the end-user device only if it isn't already present.
  • A unique cookieโ€”the cookie value contains a unique representation of the time and origin for the cookie. You would generally configure this cookie to be used only if it isn't already present in the client request and client cookies are logged for each request. This may help you identify the number of unique users or analyze client sessions within a website.

Features and options


What it does


Cookie Name

Specify the name of the cookie, which serves as a key to determine if the cookie is set.

Set Response Cookie

Enable or disable setting a response cookie.

Type of Cookie

Specify the cookie type you want to assign.


  • Fixed
  • Unique


With Type of Cookie set to Fixed, you can specify the cookie value.

Type of unique stamp

With Type of Cookie set to Unique, you can select the type of unique stamp.

See the Type of unique stamp section for more details.

  • Akamai
  • Apache


Select what domain type you want to use.


  • Use default
  • Specific

Cookie Domain

With the Domain set to Specific, you can set the domain for which the cookie is valid. For example, makes the cookie valid for that hostname and all subdomains.


Select the path you want to use.


  • Use default
  • Specific

Cookie Path

With Path set to Specific, you can specify the path for which the cookie is valid.


Specify when the cookie expires.


  • On browser close
  • Fixed Time/Date
  • Duration
  • Never Expires

Expire Date

With Expiration set to Fixed Time/Date, you can set when the cookie expires as a UTC date and time.


With Expiration set to Duration, you can set the cookieโ€™s lifetime.


This option controls the SameSite cookie attribute that reduces the risk of cross-site request forgery attacks.

  • **Use default**. Don't send the `SameSite` cookie attribute.
  • **None**. Send the cookie in all contexts if the Secure option is enabled.
  • **Lax**. Send the cookie also when the user navigates to a URL from an external site.
  • **Strict**. Send the cookie only to the same site that originated it.


When enabled, sets the cookieโ€™s Secure flag to transmit it with HTTPS.


When enabled, includes the HttpOnly attribute in the Set-Cookie response header to mitigate the risk of client-side scripts accessing the protected cookie, if the browser supports it.

Type of unique stamp

You can choose between two formats for the Type of unique stamp. The cookie's value becomes a unique identifier constructed by the โ€‹Akamaiโ€‹ server from the following fields:

  • โ€‹Akamaiโ€‹ Format Value:

    • The โ€‹Akamaiโ€‹ server's IP address

    • The current process ID

    • The current time as seconds

    • The decimal part of the current time

    • A counter

The cookie's value is based on the hex value of the binary representation of the above fields. The combination of these fields ensures that the cookies are always different.

  • Apache Format Value:

    • The server's IP address

    • The current process ID

    • Cookie generation time (in seconds since Unix epoch time - 10 digits)

    • Cookie generation time milliseconds (the milliseconds part of the epoch time - 3 digits)

An example Apache format value: Apache=

Did this page help you?