This header is optional. The Set-Cookie header contains one cookie returned by the server. Each cookie consists of a name, a value, and the following attributes: Expires, Path, Secure, and HttpOnly. Multiple instances of this header can be returned with a different cookie name in each instance of the header.

For details about the syntax of this header, see [RFC6265].