At https://httpd.apache.org/docs/current/mod/mod_headers.html#header where the "add" and "append" actions are described, the reader is told to not set a header multiple times, but instead to combine multiple header values into a comma separated list. This is normally correct. However, RFC 6265 specifies the following: "An origin server can include multiple Set-Cookie header fields in a single response." and "Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field." So, if the reader follows the documented advice and appends to an existing Set-Cookie header, the results can be undesirable. For example, I had an existing cookie's domain attribute changed to that of the cookie I was appending. Could you please add a note that while "Header add" usually isn't the correct choice, there's an exception for the "Set-Cookie" header? Thanks!