response_​cookie

Version: v2025-01-13Includes use: Yes

Behavior name: Set Response Cookie

Set a cookie to send downstream to the client with either a fixed value or a unique stamp.

Default behavior

These samples reflect the behavior's default settings. You can use these as is in your configurations or make adjustments based on the behavior's available options.

data "akamai_property_rules_builder" "response_cookie" {
  rules_v2025_02_18 {
    name     = "Set Response Cookie"
    comments = "Sets a cookie to send downstream to the client with either a fixed value or a unique stamp."
    behavior {
      response_cookie {
        cookie_name    = ""
        enabled        = true
        type           = "FIXED"
        value          = ""
        default_domain = true
        default_path   = true
        expires        = "ON_BROWSER_CLOSE"
        same_site      = "DEFAULT"
        secure         = false
        http_only      = false
      }
    }
  }
}


"behaviors": [
  {
    "name": "responseCookie",
    "options": {
      "cookiename": "",
      "enabled": true,
      "type": "FIXED",
      "value": "",
      "defaultDomain": true,
      "defaultPath": true,
      "expires": "ON_BROWSER_CLOSE",
      "sameSite": "DEFAULT",
      "secure": false,
      "httpOnly": false
    }
  }
]

Options

Option Description
cookie_name
Specifies the name of the cookie, which serves as a key to determine if the cookie is set.
enabled
Allows you to set a response cookie.
type
What type of value to assign. Value is one of:
  • FIXED. Assign a FIXED value based on the value field.
  • UNIQUE. Assign a unique value.
value
The cookie value.
format
Sets the date format. Value is one of:
  • AKAMAI. Akamai format, which adds milliseconds to the date stamp.
  • APACHE. Apache format.
default_domain
When enabled, uses the default domain value, otherwise the set specified in the domain field.
default_path
When enabled, uses the default path value, otherwise the set specified in the path field.
domain
Sets the domain for which the cookie is valid. For example, example.com makes the cookie valid for that hostname and all subdomains.
expires
Sets various ways to specify when the cookie expires. Value is one of:
  • ON_BROWSER_CLOSE. Limit the cookie to the duration of the session.
  • FIXED_DATE. Requires a corresponding expiration_date field value.
  • DURATION. Requires a corresponding duration field value.
  • NEVER. Let the cookie persist indefinitely.
expiration_date
If expires is set to FIXED_DATE, this sets when the cookie expires as a UTC date and time.
expiration_date
If expires is set to FIXED_DATE, this sets when the cookie expires as a UTC date and time.
same_site
This option controls the SameSite cookie attribute that reduces the risk of cross-site request forgery attacks. Value is one of:
  • DEFAULT. Send the SameSite cookie attribute.
  • NONE. Send the cookie in all contexts if the secure option is enabled.
  • LAX. Send the cookie also when the user navigates to a URL from an external site.
  • STRICT. Send the cookie only to the same site that originated it.
secure
When enabled, sets the cookie's Secure flag to transmit it with HTTPS.
http_only
When enabled, includes the HttpOnly attribute in the Set-Cookie response header to mitigate the risk of client-side scripts accessing the protected cookie, if the browser supports it.