The HTTP Cookie request header includes HTTP Cookies that have been sent by the server.


The Cookie request header is included in a client request to transmit data to the server. Cookies originate on the server-side and are sent to the client for use in future HTTP responses. They have myriad use cases but often, Cookies are used to maintain state and identify specific users. For example, after authenticating with a website, an authorization token can be returned as a Cookie and subsequently used by the client for access control and authentication.

HTTP Cookies are received from a server by way of the HTTP Set-Cookie response header.

Multiple Cookies can be included either on different lines or instead, in a comma-delimited format on a single line. The directive includes the name of the Cookie and its value. The syntax is as follows:

Cookie: name=value


In this example, the server includes several Cookies for the client to store. In subsequent HTTP requests, the client sends all of the Cookies back to the server using the Cookie request header field. The two exceptions are screenmode, which will not be sent after January 1st, 2023, and job, which will only be sent for the next hour.


HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: items=16
Set-Cookie: headercolor=blue
Set-Cookie: footercolor=green
Set-Cookie: screenmode=dark, Expires=Sun, 1 Jan 2023 12:00:00 GMT
Set-Cookie: job=111; Max-Age: 3600; Secure; HttpOnly

Request (shortly after)

GET / HTTP/1.1
Cookie: items=16; headercolor=blue; screenmode=dark; job=111

Request (more than an hour later but before January 1st, 2023)

GET / HTTP/1.1
Cookie: items=16; headercolor=blue; screenmode=dark


The Cookie header is used as part of a mechanism that servers have for storing data on a client, generally used to identify the client.

See also

Last updated: August 2, 2023