Set Response Cookie

With this behavior enabled, you can set a cookie to send with the response to the client.

How it works

There are two types of cookies you can set. You can either predetermine the cookie value or set a unique stamp:

  • A fixed cookie that you can specify in this interface. The cookie is set on the end-user device only if it isn't already present.
  • A unique cookie—the cookie value contains a unique representation of the time and origin for the cookie. You would generally configure this cookie to be used only if it isn't already present in the client request and client cookies are logged for each request. This may help you identify the number of unique users or analyze client sessions within a website.

Features and options

FieldWhat it doesSub-options
Cookie NameSpecify the name of the cookie, which serves as a key to determine if the cookie is set.
Set Response CookieEnable or disable setting a response cookie.
Type of CookieSpecify the cookie type you want to assign.
  • Fixed
  • Unique

ValueWith Type of Cookie set to Fixed, you can specify the cookie value.
Type of unique stampWith Type of Cookie set to Unique, you can select the type of unique stamp.

See Types of unique stamps for more details.
  • Akamai
  • Apache
DomainSelect what domain type you want to use.
  • Use default
  • Specific

Cookie DomainWith the Domain set to Specific, you can set the domain for which the cookie is valid. For example, makes the cookie valid for that hostname and all subdomains.
PathSelect the path you want to use.
  • Use default. This leaves the path attribute empty. User agents use the directory specified in the request URI's path component.
  • Specific

Cookie PathWith Path set to Specific, you can specify the path for which the cookie is valid. To use the current path, specify the {{builtin.AK_PATH}} variable. Only requests from the browser with a matching path, including subdirectories, will send the cookie in the request.
ExpirationSpecify when the cookie expires.
  • On browser close
  • Fixed Time/Date
  • Duration
  • Never Expires

Expire DateWith Expiration set to Fixed Time/Date, you can set when the cookie expires as a UTC date and time.
DurationWith Expiration set to Duration, you can set the cookie’s lifetime.
SameSiteThis option controls the SameSite cookie attribute that reduces the risk of cross-site request forgery attacks.
  • Use default. Don't send the SameSite cookie attribute.
  • None. Send the cookie in all contexts if the Secure option is enabled.
  • Lax. Send the cookie also when the user navigates to a URL from an external site.
  • Strict. Send the cookie only to the same site that originated it.

SecureWhen enabled, sets the cookie’s Secure flag to transmit it with HTTPS.
HttpOnlyWhen enabled, includes the HttpOnly attribute in the Set-Cookie response header to mitigate the risk of client-side scripts accessing the protected cookie, if the browser supports it.

Types of unique stamps

You can choose between two formats for the unique stamp. The cookie's value becomes a unique identifier constructed by the ​Akamai​ server from the following fields:

  • ​Akamai​ Format Value:

    • The ​Akamai​ server's IP address

    • The current process ID

    • The current time as seconds

    • The decimal part of the current time

    • A counter

The cookie's value is based on the hex value of the binary representation of the above fields. The combination of these fields ensures that the cookies are always different.

  • Apache Format Value:

    • The server's IP address

    • The current process ID

    • Cookie generation time (in seconds since Unix epoch time - 10 digits)

    • Cookie generation time milliseconds (the milliseconds part of the epoch time - 3 digits)

An example Apache format value: Apache=