diff --git a/files/en-us/web/http/headers/set-cookie/index.md b/files/en-us/web/http/headers/set-cookie/index.md index 080b6f84db3cf6e..de33b35c6572ef7 100644 --- a/files/en-us/web/http/headers/set-cookie/index.md +++ b/files/en-us/web/http/headers/set-cookie/index.md @@ -228,7 +228,7 @@ Set-Cookie: __Host-id=1; Secure; Path=/; Domain=example.com Set-Cookie: __Host-example=34d8g; SameSite=None; Secure; Path=/; Partitioned; ``` -> **Note:** Partitioned cookies must be set with `Secure` and `Path=/`. In addition, it is recommended to use the `__Host` prefix when setting partitioned cookies to make them bound to the hostname and not the registrable domain. +> **Note:** Partitioned cookies must be set with `Secure`. In addition, it is recommended to use the `__Host` prefix when setting partitioned cookies to make them bound to the hostname and not the registrable domain. ## Specifications diff --git a/files/en-us/web/privacy/partitioned_cookies/index.md b/files/en-us/web/privacy/partitioned_cookies/index.md index 0ee0a3b4e0587b3..e278d8590b0c8e8 100644 --- a/files/en-us/web/privacy/partitioned_cookies/index.md +++ b/files/en-us/web/privacy/partitioned_cookies/index.md @@ -34,7 +34,7 @@ Browsers with CHIPs support provide a new attribute for the {{httpheader("Set-Co Set-Cookie: __Host-example=34d8g; SameSite=None; Secure; Path=/; Partitioned; ``` -> **Note:** Partitioned cookies must be set with `Secure` and `Path=/`. In addition, it is recommended to use the `__Host` prefix when setting partitioned cookies to make them bound to the hostname and not the registrable domain. +> **Note:** Partitioned cookies must be set with `Secure`. In addition, it is recommended to use the `__Host` prefix when setting partitioned cookies to make them bound to the hostname and not the registrable domain. With `Partitioned` set, the cookie is stored using two keys, the host key and a new **partition key**. The partition key is based on the scheme and {{Glossary("eTLD", "eTLD+1")}} of the top-level URL the browser was visiting when the request was made to the URL endpoint that set the cookie.