GuideReference
TrainingSupportCommunity

response_​cookie

  • Property Manager name: Set Response Cookie
  • Behavior version: The v2023-01-05 rule format supports the response_​cookie behavior v1.3.
  • Rule format status: GA, stable
  • Access: Read-write
  • Allowed in includes: Yes

Set a cookie to send downstream to the client with either a fixed value or a unique stamp.

OptionTypeDescriptionRequires
enabledboolean

Allows you to set a response cookie.

{"displayType":"boolean","tag":"input","type":"checkbox"}
typeenum

What type of value to assign.

{"displayType":"enum","options":["FIXED","UNIQUE"],"tag":"select"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
FIXED

Assign a FIXED value based on the value field.

UNIQUE

Assign a unique value.

valuestring (allows variables)

If the cookie type is FIXED, this specifies the cookie value.

type is FIXED
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"type","op":"eq","value":"FIXED"}}
formatenum

When the type of cookie is set to UNIQUE, this sets the date format.

type is UNIQUE
{"displayType":"enum","options":["AKAMAI","APACHE"],"tag":"select"}
{"if":{"attribute":"type","op":"eq","value":"UNIQUE"}}
AKAMAI

Akamai format, which adds milliseconds to the date stamp.

APACHE

Apache format.

default_​domainboolean

When enabled, uses the default domain value, otherwise the set specified in the domain field.

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
default_​pathboolean

When enabled, uses the default path value, otherwise the set specified in the path field.

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
domainstring (allows variables)

If the default_​domain is disabled, this sets the domain for which the cookie is valid. For example, example.​com makes the cookie valid for that hostname and all subdomains.

default_​domain is false
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"defaultDomain","op":"eq","value":false}}
pathstring (allows variables)

If the default_​path is disabled, sets the path component for which the cookie is valid.

default_​path is false
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"defaultPath","op":"eq","value":false}}
expiresenum

Sets various ways to specify when the cookie expires.

{"displayType":"enum","options":["ON_BROWSER_CLOSE","FIXED_DATE","DURATION","NEVER"],"tag":"select"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
ON_​BROWSER_​CLOSE

Limit the cookie to the duration of the session.

FIXED_​DATE

Requires a corresponding expiration_​date field value.

DURATION

Requires a corresponding duration field value.

NEVER

Let the cookie persist indefinitely.

expiration_​datestring (epoch timestamp)

If expires is set to FIXED_​DATE, this sets when the cookie expires as a UTC date and time.

expires is FIXED_​DATE
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"expires","op":"eq","value":"FIXED_DATE"}}
durationstring (duration)

If expires is set to DURATION, this sets the cookie's lifetime.

expires is DURATION
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"expires","op":"eq","value":"DURATION"}}
same_​siteenum

This option controls the Same​Site cookie attribute that reduces the risk of cross-site request forgery attacks.

{"displayType":"enum","options":["DEFAULT","NONE","LAX","STRICT"],"tag":"select"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
DEFAULT

Send the Same​Site cookie attribute.

NONE

Send the cookie in all contexts if the secure option is enabled.

LAX

Send the cookie also when the user navigates to a URL from an external site.

STRICT

Send the cookie only to the same site that originated it.

secureboolean

When enabled, sets the cookie's Secure flag to transmit it with HTTPS.

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
http_​onlyboolean

When enabled, includes the Http​Only attribute in the Set-Cookie response header to mitigate the risk of client-side scripts accessing the protected cookie, if the browser supports it.

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enabled","op":"eq","value":true}}