The Cookie HTTP request header contains stored HTTP cookies associated with the server (i.e. previously sent by the server with the Set-Cookie header or set in Javascript using Document.cookie).

The Cookie header is optional and may be omitted if, for example, the browser's privacy settings block cookies.

Header type Request header
Forbidden header name yes


Cookie: <cookie-list>
Cookie: name=value
Cookie: name=value; name2=value2; name3=value3
A list of name-value pairs in the form of <cookie-name>=<cookie-value>. Pairs in the list are separated by a semicolon and a space ('; ').


Cookie: PHPSESSID=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1


Specification Title
RFC 6265, section 5.4: Cookie HTTP State Management Mechanism

Browser compatibility

BCD tables only load in the browser

See also