By user77480

2009-03-12 23:53:45 8 Comments

What is the maximum size of a web browser's cookie's key?

I know the maximum size of a cookie is 4KB, but does the key have a limitation as well?


@Behnam Mohammadi 2017-02-18 13:42:24

After testing a few browsers myself, and using Browser Shots I have compiled the following list

enter image description here

@Ajmal Praveen 2017-09-15 09:40:54

Answered at 18-02-2017 LOL, but that Versions are Very older Out Dated.

@Robby Groot 2017-11-07 10:25:27

@AjmalPraveen That's because this answer is copied from this site (although an older version, like you said). A source would have been nice, so interested people can look at a more up-to-date source

@gskema 2018-03-26 08:01:41

This exact table is updated and available at

@Iain 2011-01-05 12:57:15

The 4K limit you read about is for the entire cookie, including name, value, expiry date etc. If you want to support most browsers, I suggest keeping the name under 4000 bytes, and the overall cookie size under 4093 bytes.

One thing to be careful of: if the name is too big you cannot delete the cookie (at least in JavaScript). A cookie is deleted by updating it and setting it to expire. If the name is too big, say 4090 bytes, I found that I could not set an expiry date. I only looked into this out of interest, not that I plan to have a name that big.

To read more about it, here are the "Browser Cookie Limits" for common browsers.

While on the subject, if you want to support most browsers, then do not exceed 50 cookies per domain, and 4093 bytes per domain. That is, the size of all cookies should not exceed 4093 bytes.

This means you can have 1 cookie of 4093 bytes, or 2 cookies of 2045 bytes, etc.

I used to say 4095 bytes due to IE7, however now Mobile Safari comes in with 4096 bytes with a 3 byte overhead per cookie, so 4093 bytes max.

@ulkas 2013-01-04 13:46:07

the 4K limit refers to all cookies under a specific domain - thus when this limit is reached, you will likely be unable to create a new cookie.

@Iain 2013-03-08 07:42:57

@ulkas: I have added that in now. Once the limit is reached I have observed in many browsers you can create new cookies, but it will delete a bunch of the existing ones.

@Jim OHalloran 2018-01-20 04:53:23

Note: RFC 2965 has been obsoleted and replaced by RFC 6265. The limits section is largely unchanged (see:, but RFC 6265 is now the canonical source.

@John Feminella 2009-03-13 00:06:23

Actually, RFC 2965, the document that defines how cookies work, specifies that there should be no maximum length of a cookie's key or value size, and encourages implementations to support arbitrarily large cookies. Each browser's implementation maximum will necessarily be different, so consult individual browser documentation.

See section 5.3, "Implementation Limits", in the RFC.

@BenSwayne 2013-03-20 19:04:38

As usual, "spec" and "real-world" seem to be completely different. Because cookies are sent with EVERY http request, it is actually a good thing there are limits.

@Limited Atonement 2015-03-07 08:55:35

That's a pretty useless spec if in actuality there are limits! This is the "correct' answer, though!

@William 2015-09-03 18:00:47

I don't understand why browsers choose not to follow this spec. There is no reason why I shouldn't be able to dump more than 4KB (which is not that much) into a cookie, when stuff like localStorage already exists.

@Jim OHalloran 2018-01-20 04:53:35

Note: RFC 2965 has been obsoleted and replaced by RFC 6265. The limits section is largely unchanged (see:, but RFC 6265 is now the canonical source.

@Michael 2012-06-21 21:56:03

You can also use web storage too if the app specs allows you that (it has support for IE8+).

It has 5M (most browsers) or 10M (IE) of memory at its disposal.

"Web Storage (Second Edition)" is the API and "HTML5 Local Storage" is a quick start.

@ilasno 2014-01-04 22:44:05

It should probably be noted here that a caveat for using web storage is that, without a workaround, data stored in web storage can only be stored on/accessed from HTTP OR HTTPS, but not shared between them (even for the same site).

@Steve Midgley 2014-12-31 06:52:33

@ilasno Afaik the same limitation exists for traditional cookies.

@Vadorequest 2020-01-29 10:36:04

The most important caveat is rather than web storage, session storage and local storage are only accessible from the browser, not the server. That's definitely something to consider when choosing between any of those and cookies, which are readable on both browser and server.

@cgreeno 2009-03-13 00:05:07

A cookie key(used to identify a session) and a cookie are the same thing being used in different ways. So the limit would be the same. According to Microsoft its 4096 bytes.


cookies are usually limited to 4096 bytes and you can't store more than 20 cookies per site. By using a single cookie with subkeys, you use fewer of those 20 cookies that your site is allotted. In addition, a single cookie takes up about 50 characters for overhead (expiration information, and so on), plus the length of the value that you store in it, all of which counts toward the 4096-byte limit. If you store five subkeys instead of five separate cookies, you save the overhead of the separate cookies and can save around 200 bytes.

@NotMe 2009-03-13 01:32:28

Incidentally, just because you have about 4KB of browser cookie storage to play with you ought to seriously consider whether that's a good idea or not.

@Mutant 2013-09-11 21:58:03

Can you confirm if per domain/site the number of cookie can't exceed more than 20? or its increased by now?

Related Questions

Sponsored Content

3 Answered Questions

[SOLVED] What is the maximum possible length of a query string?

17 Answered Questions

[SOLVED] What is the maximum length of a URL in different browsers?

  • 2009-01-06 16:14:30
  • Sander Versluys
  • 1217653 View
  • 4752 Score
  • 17 Answer
  • Tags:   http url browser

7 Answered Questions

[SOLVED] Does every web request send the browser cookies?

  • 2009-08-26 16:52:32
  • mrblah
  • 71712 View
  • 187 Score
  • 7 Answer
  • Tags:   cookies

9 Answered Questions

[SOLVED] How do browser cookie domains work?

9 Answered Questions

6 Answered Questions

[SOLVED] Do sessions really violate RESTfulness?

1 Answered Questions

[SOLVED] size limit for multiple cookies in javascript

  • 2013-04-09 19:11:21
  • Ashkan Mobayen Khiabani
  • 46 View
  • 0 Score
  • 1 Answer
  • Tags:   javascript cookies

3 Answered Questions

[SOLVED] what happens when cookies file exceeds maximum size?

Sponsored Content