How to Set `SameSite` Attribute in netlify.toml


What is the proper syntax to set the SameSite attributes to SameSite=None; Secure in a netlify.toml?

We are getting cross-site request errors between ours and for delivering images that are fetched here on Netlify and transformed/optimized at ImageKit and then sent to the client.

The affected cookies:

Name Domain & Path

I appreciate your help in advance – esp. being this is an area I am not up to speed with :wink:

SameSite is a cookie attribute. It’s supposed to be set with a Set-Cookie header; it’s not a header itself. But I don’t think you’re doing what you think you are. Mind sharing your site so we can see the issue?

Thank you, I am aware that it's an attribute headers setting: Set-Cookie.

The question is how to properly set this in the netlify.toml – not sure what ==value should be/is-correct and should there be a dot prefixing as the response shows; i.e ??

Using the following two cookies, would this be correct?


```toml
  for = "/*"
    . . .
    # ==== Cookies =====>
    Set-Cookie = '''
      _gcl_au=1.1.1322023902.1688267673; Secure;,
      _gid=GA1.2.640555962.1688267674; Secure;,
      _ga_WQGX7PLP73=GS1.1.1688267673.1.1.1688268410.60.0.0; Secure;,
      _ga=GA1.2.1028778481.1688267674; Secure;,
      _uetsid=915e8540188611ee83c771cbc457e810; Secure;,
      _uetvid=915e62d0188611eebe94f791ad0fcebe; Secure;
  . . .
```

Note: No need to send site info & I don’t want to send up the wrong Netlify formatting/settings – there are many stake-holders accessing the staging site over the weekend but this header policy needs to be implemented asap.

Thank you again

Unless your site runs on, you can’t set a cookie for that domain. Which is why I asked for your site to see the exact issue.
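
The point made in the last reply, as an added example that is not part of the original thread: a simplified model of two checks a browser applies to a `Set-Cookie` header, the RFC 6265 domain-match between the `Domain` attribute and the responding host, and the requirement that `SameSite=None` comes with `Secure`. The hostnames and cookie values are constructed placeholders, and public-suffix and IP-address handling are left out.

```javascript
// Added example: simplified model of browser checks on a Set-Cookie header.
// Hostnames and cookie values are constructed placeholders, not from the thread.

// RFC 6265 section 5.1.3 domain-match: identical, or host ends with "." + domain.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, ""); // a leading dot is ignored
  return host === domain || host.endsWith("." + domain);
}

// Parse one Set-Cookie value into name, value and a lowercase attribute map.
function parseSetCookie(header) {
  const [pair = "", ...attrs] = header.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no name=value pair: the header is ignored
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1); // flag or string value
  }
  return cookie;
}

// Decide whether a response served by `responseHost` may store this cookie.
function checkSetCookie(responseHost, header) {
  const cookie = parseSetCookie(header);
  if (!cookie) return { accepted: false, reason: "not a name=value pair" };
  const { domain, samesite, secure } = cookie.attrs;
  if (typeof domain === "string" && domain && !domainMatches(responseHost, domain)) {
    return { accepted: false, reason: "Domain does not match the responding host" };
  }
  if (typeof samesite === "string" && samesite.toLowerCase() === "none" && !secure) {
    return { accepted: false, reason: "SameSite=None requires Secure" };
  }
  return { accepted: true, reason: "ok" };
}

const host = "www.example.com"; // constructed: the site that sends the header
for (const h of [
  "sid=abc; Domain=.example.com; SameSite=None; Secure", // own domain: stored
  "sid=abc; Domain=.cdn.example.net; SameSite=None; Secure", // other domain: dropped
  "sid=abc; SameSite=None", // missing Secure: dropped
]) {
  console.log(h, "->", checkSetCookie(host, h));
}
```
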