add set-cookie

s1gr1d · s1gr1d · commit 0a6327d3c277 · 2025-11-25T11:34:34.000+01:00
diff --git a/develop-docs/sdk/expected-features/data-handling.mdx b/develop-docs/sdk/expected-features/data-handling.mdx
@@ -43,7 +43,7 @@ Before sending events to Sentry, the SDKs should invokes callbacks. That allows
 
 ### Cookies
 
-Since cookies can contain a mix of sensitive and non-sensitive data, SDKs should parse the cookie header and filter values on a per-key basis, depending on the SDK setting and the sensitivity of the cookie value.
+Since `Cookie` and `Set-Cookie` headers can contain a mix of sensitive and non-sensitive data, SDKs should parse the cookie header and filter values on a per-key basis, depending on the SDK setting and the sensitivity of the cookie value.
 In case, the SDK cannot parse each cookie key-value pair, the entire cookie header must be replaced with `"[Filtered]"`. An unfiltered, raw cookie header value must never be sent.
 
 This selective filtering prevents capturing sensitive data while retaining harmless contextual information for debugging.
@@ -53,6 +53,7 @@ When attached as span attributes, the results should be as follows:
 
 - `http.request.header.cookie.user_session: "[Filtered]"`
 - `http.request.header.cookie.theme: "dark-mode"`
+- `http.request.header.set_cookie.theme: "light-mode"`
 - `http.request.header.cookie: "[Filtered]"` (Used as a fallback if the cookie header cannot be parsed)
 
 ### Application State
diff --git a/develop-docs/sdk/expected-features/index.mdx b/develop-docs/sdk/expected-features/index.mdx
@@ -361,7 +361,7 @@ The HTTP Client integration should have 3 configuration options:
   - If the language has a `Range` type, it should be used instead of `HttpStatusCodeRange`.
 - `failedRequestTargets` defaults to (`.*`), this configuration option accepts a `List` of `String` that may be Regular expressions as well, similar to <Link to="/sdk/telemetry/traces/#tracepropagationtargets">tracePropagationTargets</Link>.
   - The SDK will only capture HTTP Client errors if the HTTP Request URL is a match for any of the `failedRequestsTargets`.
--  While the keys of sensitive HTTP headers (e.g. `Cookie` and `Set-Cookie`) are included, their values must be replaced with `"[Filtered]"` (also see <Link to="/sdk/expected-features/data-handling/#sensitive-data">Data Handling: Sensitive Data</Link>).
+-  While the keys of sensitive HTTP headers (e.g. `Authorization` and `Cookie`) are included, their values must be replaced with `"[Filtered]"` (also see <Link to="/sdk/expected-features/data-handling/#sensitive-data">Data Handling: Sensitive Data</Link>).
 
 The HTTP Client integration should capture error events with the following properties:
 
