Set-Cookie: test=helloworld;
Set-Cookie: test=helloworld; expires=Thu, 01-Jan-1970 00:00:10 GMT; domain=.mydomain.com; path=/; HttpOnly; Secure
Cookie: test=helloworld;
Set-Cookie: test=helloworld; path=/products;
Cookie path | When requesting URL | Safari 5, Safari 11, Chrome 12, Chrome 63, Opera 10, Netscape 4 | FireFox 3, FireFox 23, FireFox 57 | Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, Internet Explorer 11, Edge 40 |
---|---|---|---|---|
path=/hello | http://mydomain.com/goodbye/world.htm | no match | no match | no match |
path=/hello | http://mydomain.com/hello/world.htm | match | match | match |
path=/hello/world.htm | http://mydomain.com/hello/world.htm | match | match | match |
path=/hello/world.htm | http://mydomain.com/hello/world.htm?id=5 | match | match | match |
path=/hello/world.htm?id=5 | http://mydomain.com/hello/world.htm | no match | no match | MATCH! |
path=/hello/world.htm?id=5 | http://mydomain.com/hello/world.htm?id=5 | NO MATCH! | match | match |
Cookie path | Javascript on page at URL | Safari 4, Safari 5, Safari 11, Chrome 28, Chrome 63 | FireFox 14, FireFox 22, FireFox 57 | Internet Explorer 7, Internet Explorer 9, Internet Explorer 10, Internet Explorer 11, Edge 40 |
---|---|---|---|---|
path=/hello | http://mydomain.com/goodbye/world.htm | not exposed | not exposed | not exposed |
path=/hello | http://mydomain.com/hello/world.htm | exposed | exposed | exposed |
path=/hello/world.htm | http://mydomain.com/hello/world.htm | exposed | exposed | NOT EXPOSED! |
path=/hello/world.htm | http://mydomain.com/hello/world.htm?id=5 | exposed | exposed | NOT EXPOSED! |
path=/hello/world.htm?id=5 | http://mydomain.com/hello/world.htm | not exposed | not exposed | not exposed |
path=/hello/world.htm?id=5 | http://mydomain.com/hello/world.htm?id=5 | NOT EXPOSED! | exposed | NOT EXPOSED! |
http://v8.prnx.net/goodbye/set-path1.asp http://v8.prnx.net/goodbye/world.asp http://v8.prnx.net/hello/world.asp
http://v8.prnx.net/hello/set-path2.asp http://v8.prnx.net/hello/world2.asp http://v8.prnx.net/hello/world2.asp?id=5
http://v8.prnx.net/hello/set-path3.asp http://v8.prnx.net/hello/world3.asp http://v8.prnx.net/hello/world3.asp?id=5
Set-Cookie: test=helloworld; domain=.mydomain.com;
Requested URL | domain omitted in the Set-Cookie header |
Safari 5, Chrome 12, Opera 11, FireFox 3, FireFox 58, Internet Explorer 6, Internet Explorer 11, Edge 40 |
Netscape 4 | Internal representation of domain |
---|---|---|---|---|
http://go/ | accepted | not accepted | go | |
http://go.go/ | accepted | not accepted | go.go | |
http://good.go/ | accepted | accepted | good.go | |
http://www.good.go/ | accepted | accepted | www.good.go |
Internal representation of domain |
When requesting URL | FireFox 3, FireFox 12, Edge 40 |
Internet Explorer 6, Internet Explorer 11 |
Safari 5 | Chrome 12, Chrome 36 |
Opera 11 | Netscape 4 |
---|---|---|---|---|---|---|---|
domain=go | http://go/ | match | match | match | no match | match | no match |
domain=go | http://good.go/ | no match | MATCH | match | no match | no match | no match |
domain=good.go | http://good.go/ | match | match | match | match | match | ? |
domain=good.go | http://www.good.go/ | no match | MATCH | no match | no match | ? | NO MATCH! |
domain=www.good.go | http://good.go/ | no match | no match | no match | no match | no match | no match |
domain=www.good.go | http://www.good.go/ | match | match | match | match | match | match |
-- Requires DNS configuration for go and go.go to refer to the IP address of prnx.net http://go/goodbye/set-path1.asp http://go/hello/world.asp http://go.go/hello/world.asp http://go.go/goodbye/set-path1.asp http://go.go/hello/world.asp http://prnx.net/goodbye/set-path1.asp http://prnx.net/hello/world.asp http://v8.prnx.net/hello/world.asp http://v8.prnx.net/goodbye/set-path1.asp http://v8.prnx.net/hello/world.asp
Requested URL | domain in the Set-Cookie header |
FireFox 3, FireFox 5, FireFox 33 |
Internet Explorer 6 - 11 | Safari 5 | Chrome 12, Edge 40 |
Netscape 4 | Opera 11 | Internal representation of domain |
---|---|---|---|---|---|---|---|---|
http://go/ | domain=go | accepted | not accepted | accepted | not accepted | not accepted | accepted | .go |
http://go.go/ | domain=go | not accepted | not accepted | ACCEPTED! | not accepted | not accepted | not accepted | .go |
http://go/ | domain=.go | accepted | not accepted | accepted | not accepted | not accepted | accepted | .go |
http://go.go/ | domain=.go | not accepted | not accepted | ACCEPTED! | not accepted | not accepted | not accepted | .go |
http://go.go/ | domain=go.go | accepted | NOT ACCEPTED! | accepted | accepted | NOT ACCEPTED! | accepted | .go.go |
http://go.go/ | domain=.go.go | accepted | NOT ACCEPTED! | accepted | accepted | NOT ACCEPTED! | accepted | .go.go |
http://good.go/ | domain=good.go | accepted | accepted | accepted | accepted | NOT ACCEPTED! | accepted | .good.go |
http://www.good.go/ | domain=good.go | accepted | accepted | accepted | accepted | NOT ACCEPTED! | accepted | .good.go |
http://good.go/ | domain=.good.go | accepted | accepted | accepted | accepted | NOT ACCEPTED! | accepted | .good.go |
http://www.good.go/ | domain=.good.go | accepted | accepted | accepted | accepted | accepted | accepted | .good.go |
http://www.good.go/ | domain=www.good.go | accepted | accepted | accepted | accepted | accepted | accepted | .www.good.go |
http://good.go/ | domain=www.good.go | not accepted | not accepted | not accepted | not accepted | not accepted | ? | .www.good.go |
http://also.good.go/ | domain=www.good.go | not accepted | not accepted | not accepted | not accepted | not accepted | ? | .www.good.go |
Internal representation of domain |
When requesting URL | FireFox 3, FireFox 5, FireFox 12 |
Internet Explorer 6, Internet Explorer 11, Edge 40 |
Safari 5 | Chrome 12, Chrome 36 |
Opera 11 | Netscape 4 |
---|---|---|---|---|---|---|---|
domain=.go | http://go/ | match | no match | match | no match | match | no match |
domain=.go | http://good.go/ | no match | no match | match | no match | no match | no match |
domain=.good.go | http://www.good.go/ | match | match | match | match | match | match |
http://go.go/hello/set-domain1.asp http://go.go/hello/domain1.asp http://go/hello/domain1.asp http://go/hello/set-domain1.asp http://go/hello/domain1.asp
http://go.go/hello/set-domain2.asp http://go.go/hello/domain2.asp http://go/hello/domain2.asp http://go/hello/set-domain2.asp http://go/hello/domain2.asp
http://go.go/hello/set-domain3.asp http://go.go/hello/domain3.asp
http://go.go/hello/set-domain4.asp http://go.go/hello/domain4.asp
http://v8.prnx.net/hello/set-domain5.asp http://v8.prnx.net/hello/domain5.asp http://prnx.net/hello/domain5.asp http://prnx.net/hello/set-domain5.asp http://prnx.net/hello/domain5.asp
http://v8.prnx.net/hello/set-domain6.asp http://v8.prnx.net/hello/domain6.asp http://prnx.net/hello/domain6.asp http://prnx.net/hello/set-domain6.asp http://prnx.net/hello/domain6.asp
http://prnx.net/hello/set-domain7.asp http://prnx.net/hello/domain7.asp http://v8.prnx.net/hello/domain7.asp http://x8.prnx.net/hello/domain7.asp http://x8.prnx.net/hello/set-domain7.asp http://x8.prnx.net/hello/domain7.asp http://v8.prnx.net/hello/domain7.asp http://v8.prnx.net/hello/set-domain7.asp http://v8.prnx.net/hello/domain7.asp
Cookie: test=one; test=two
Requested domain at T=0 |
Set-Cookie header at T=0 |
Requested domain at T=1 |
Set-Cookie header at T=1 |
Requested domain at T=2 |
Set-Cookie header at T=2 |
Requested domain after that |
FireFox 56, FireFox 58, Chrome 64 |
Internet Explorer 10, Internet Explorer 11, Edge 40 |
Safari 5, Safari 6 |
---|---|---|---|---|---|---|---|---|---|
good.go | Set-Cookie: x=2; domain=good.go | www.good.go | Set-Cookie: x=0 | www.good.go | COOKIE: X=2; X=0 | COOKIE: X=2; X=0 | Cookie: x=0; x=2 | ||
good.go | Set-Cookie: x=2; domain=good.go | www.good.go | Set-Cookie: x=0, y=0 | good.go | Set-Cookie: y=2, domain=good.go | www.good.go | COOKIE: X=2; y=0; x=0; y=2 | COOKIE: X=2; Y=2; y=0; x=0 | Cookie: x=0; y=0; y=2; x=2 |
www.good.go | Set-Cookie: x=0 | good.go | Set-Cookie: x=2; domain=good.go | www.good.go | Cookie: x=0; x=2 | Cookie: x=0; x=2 | Cookie: x=0; x=2 | ||
good.go | Set-Cookie: x=2; domain=good.go | www.good.go | Set-Cookie: x=3; domain=www.good.go | www.good.go | COOKIE: X=2; X=3 | COOKIE: X=2; X=3 | Cookie: x=3; x=2 | ||
www.good.go | Set-Cookie: x=3; domain=www.good.go | good.go | Set-Cookie: x=2; domain=good.go | www.good.go | Cookie: x=3; x=2 | Cookie: x=3; x=2 | Cookie: x=3; x=2 |
-- Restart browser or clear cookies before this test http://prnx.net/hello/set-domain8a.asp http://v8.prnx.net/hello/set-domain8b.asp http://v8.prnx.net/hello/domain8.asp http://prnx.net/hello/set-domain9a.asp http://v8.prnx.net/hello/domain9.asp
-- Restart browser or clear cookies before this test http://v8.prnx.net/hello/set-domain10a.asp http://prnx.net/hello/set-domain10b.asp http://v8.prnx.net/hello/domain10.asp
-- Restart browser or clear cookies before this test http://prnx.net/hello/set-domain11a.asp http://v8.prnx.net/hello/set-domain11b.asp http://v8.prnx.net/hello/domain11.asp
-- Restart browser or clear cookies before this test http://v8.prnx.net/hello/set-domain12a.asp http://prnx.net/hello/set-domain12b.asp http://v8.prnx.net/hello/domain12.asp
Set-Cookie: test=someID; SameSite=Strict; domain=.mydomain.com; path=/;
Set-Cookie header at T=0 | From webpage at URL | Action at T=1 | Safari 5, Safari 10, FireFox 56, FireFox 58, Internet Explorer 11, Edge 40 |
Chrome 56, Chrome on Android |
---|---|---|---|---|
Set-Cookie: x=1; domain=good.go; SameSite=Strict | http://other.go/ | iframe src="//good.go/" | COOKIE SENT! | not sent |
Set-Cookie: x=1; domain=good.go; SameSite=Lax | http://other.go/ | iframe src="//good.go/" | COOKIE SENT! | not sent |
Set-Cookie: x=1; domain=good.go; SameSite=Strict | http://other.go/ | POST action="//good.go/" | COOKIE SENT! | not sent |
Set-Cookie: x=1; domain=good.go; SameSite=Lax | http://other.go/ | POST action="//good.go/" | COOKIE SENT! | not sent |
Set-Cookie: x=1; domain=good.go; SameSite=Strict | http://other.go/ | A href="//good.go/" | COOKIE SENT! | not sent |
Set-Cookie: x=1; domain=good.go; SameSite=Lax | http://other.go/ | A href="//good.go/" | cookie sent | cookie sent |
http://v8.prnx.net/hello/set-samesite.asp http://v8.prnx.net/hello/set-samesite2.asp http://gertjans.home.xs4all.nl/javascript/get-samesite.html
Set-Cookie: test=helloworld; HttpOnly;
Cookie HttpOnly | Javascript on page at URL | Safari 4, Safari 6, Opera 12, Chrome 28, Internet Explorer 7, Internet Explorer 11, FireFox 22 |
---|---|---|
HttpOnly | http://mydomain.com/hello/world.htm | not exposed, DOM cookie cleared |
Cookie HttpOnly | Javascript writes the same cookie | Sarari 4, Safari 5, Safari 6, Opera 12 | Chrome 28, Internet Explorer 7, Internet Explorer 11, Edge 40, FireFox 22, Safari 14 |
---|---|---|---|
test=helloworld; HttpOnly; | document.cookie='test=bye'; | COOKIE IS OVERRIDDEN! HttpOnly status is lost | Javascript is ignored |
Cookie HttpOnly | Javascript writes the same cookie | Chrome 68, Internet Explorer 11, Edge 87, FireFox 84, Safari 14 |
---|---|---|
test=helloworld; HttpOnly; | document.cookie='test=bye; httponly'; | Javascript is ignored |
Cookie witout HttpOnly | Set-cookie header | Internet Explorer 11, Edge 103, Chrome 101, FireFox 102, Safari 15 |
---|---|---|
test=helloworld; | Set-Cookie: test=goodbye; httponly; | Cookie is replaced with HTTPOnly version |
http://v8.prnx.net/hello/set-httponly.asp http://v8.prnx.net/hello/httponly.asp http://v8.prnx.net/hello/set-httponly2.asp http://v8.prnx.net/hello/httponly.asp http://v8.prnx.net/hello/set-httponly3.asp http://v8.prnx.net/hello/httponly.asp http://v8.prnx.net/hello/set-httponly.asp http://v8.prnx.net/hello/httponly.asp
Set-Cookie: test=helloworld; Secure;
Cookie Secure | When requesting URL | Safari 4, Safari 5, Netscape 4, Opera 12, Chrome 28, Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, Internet Explorer 10, FireFox 12, FireFox 23 |
---|---|---|
Secure | http://mydomain.com/hello/world.htm | not sent no DOM cookie |
Secure | https://mydomain.com/hello/world.htm | sent, DOM cookie available |
Cookie present | Requested page | Set-Cookie header | Safari 4, Safari 10, Netscape 4, Opera 12, Chrome 28, Internet Explorer 6, Internet Explorer 11, Edge 40, FireFox 12, FireFox 23 |
FireFox 56, FireFox 58, Chrome 64 |
---|---|---|---|---|
test=helloworld; Secure; | https://mydomain.com/hello/world.htm | test=bye; | Cookie is overridden Cookie on any protocol | Cookie is overridden Cookie on any protocol |
test=helloworld; Secure; | http://mydomain.com/hello/world.htm | test=bye; | Cookie is overridden Cookie on any protocol | Cookie is retained |
test=helloworld; | https://mydomain.com/hello/world.htm | test=bye; Secure; | Cookie is overridden Cookie only used on HTTPS | Cookie is overridden Cookie only used on HTTPS |
test=helloworld; | http://mydomain.com/hello/world.htm | test=bye; Secure; | COOKIE IS OVERRIDDEN! Cookie only used on HTTPS | Cookie is retained |
test=helloworld; Secure; | http://mydomain.com/hello/world.htm | test=bye; Secure | COOKIE IS OVERRIDDEN! Cookie only used on HTTPS | Cookie is retained |
https://v8.prnx.net/hello/set-secure1.asp https://v8.prnx.net/hello/secure1.asp http://v8.prnx.net/hello/secure1.asp
https://v8.prnx.net/hello/set-secure1.asp https://v8.prnx.net/hello/set-nonsecure1a.asp https://v8.prnx.net/hello/secure1.asp https://v8.prnx.net/hello/set-secure1.asp http://v8.prnx.net/hello/set-nonsecure1b.asp https://v8.prnx.net/hello/secure1.asp
http://v8.prnx.net/hello/set-nonsecure2a.asp https://v8.prnx.net/hello/set-secure2a.asp https://v8.prnx.net/hello/secure2a.asp http://v8.prnx.net/hello/set-nonsecure2b.asp http://v8.prnx.net/hello/set-secure2b.asp https://v8.prnx.net/hello/secure2b.asp https://v8.prnx.net/hello/set-secure2c1.asp http://v8.prnx.net/hello/set-secure2c2.asp https://v8.prnx.net/hello/secure2c.asp
Set-Cookie: __Secure-test=helloworld; Secure;
Requested page | Set-Cookie header | Safari 5, Safari 10, Internet Explorer 11, Edge 40 |
FireFox 56, FireFox 58, Chrome 64 |
---|---|---|---|
https://mydomain.com/hello/world.htm | __Secure-test=bye; | ACCEPTED | Not accepted |
https://mydomain.com/hello/world.htm | __Secure-test=bye; Secure; | Accepted | Accepted |
http://mydomain.com/hello/world.htm | __Secure-test=bye; | ACCEPTED | Not accepted |
http://mydomain.com/hello/world.htm | __Secure-test=bye; Secure; | ACCEPTED | Not accepted |
https://v8.prnx.net/hello/set-secureprefix1.asp https://v8.prnx.net/hello/secureprefix.asp https://v8.prnx.net/hello/set-secureprefix2.asp https://v8.prnx.net/hello/secureprefix.asp http://v8.prnx.net/hello/set-secureprefix3.asp http://v8.prnx.net/hello/secureprefix.asp http://v8.prnx.net/hello/set-secureprefix4.asp https://v8.prnx.net/hello/secureprefix.asp
Set-Cookie: __Host-test=helloworld; domain=.mydomain.com; Secure;
Requested page | Set-Cookie header | Safari 5, Safari 10, Internet Explorer 11, Edge 40 |
FireFox 56, FireFox 58, Chrome 64 |
---|---|---|---|
https://mydomain.com/hello/world.htm | __Host-test=bye; Secure | Accepted | Accepted |
https://www.mydomain.com/hello/world.htm | __Host-test=bye; domain=.mydomain.com; Secure | ACCEPTED | Not accepted |
https://prnx.net/hello/set-hostprefix1a.asp https://v8.prnx.net/hello/set-hostprefix1b.asp https://v8.prnx.net/hello/hostprefix.asp https://prnx.net/hello/hostprefix.asp
Set-Cookie: test=none; Set-Cookie: test=expires; expires=Thu, 22-Jan-2015 00:00:10 GMT Set-Cookie: test=maxage; Max-Age=900
Set-Cookie headers | Safari 5, Chrome 39, Internet Explorer 11, FireFox 34 |
---|---|
Set-Cookie: test=none; Set-Cookie: test=expires; expires=Thu, 22-Jan-2015 00:00:10 GMT | Last header is executed / value="expires" |
Set-Cookie: test=expires; expires=Thu, 22-Jan-2015 00:00:10 GMT Set-Cookie: test=maxage; Max-Age=900 | Last header is executed / value="maxage" |
Set-Cookie: test=maxage; Max-Age=900 Set-Cookie: test=none; | Last header is executed / value="none" |
Set-Cookie: test=none; Set-Cookie: test=httponly; HttpOnly; | Last header is executed / HttpOnly |
Set-Cookie: test=httponly; HttpOnly; Set-Cookie: test=secure; Secure; | Last header is executed / Secure |
Set-Cookie: test=secure; Secure; Set-Cookie: test=none | Last header is executed / value="none" |
Set-Cookie: test=none Set-Cookie: test=expired; expires=Thu, 01-Jan-1970 00:00:10 GMT | Last header is executed / cookie removed |
Mail your comments to gertjans@xs4all.nl.