# Can I Set a Cookie from My Vercel Project Subdomain to Vercel.app?

**Author:** Ismael Rumzan

---

In general, if you use the `Set-Cookie` header in your subdomain with `name=cookievalue; Domain=yourapexdomain.com`, the cookie will be applied to the apex domain `yourapexdomain.com`. If you do this at the level of your [Vercel Project](https://vercel.com/docs/concepts/projects/overview) subdomain such as `myprojectname.vercel.app`, will the cookie be applied to `vercel.app`?

## The Public Suffix List

`vercel.app` is under the [public suffix list](https://publicsuffix.org/) for security purposes and as described in [Wikipedia](https://en.wikipedia.org/wiki/Public_Suffix_List), one of it’s uses is to avoid supercookies. These are cookies with an origin set at the top-level or apex domain such as `vercel.app`. If an attacker in control of a Vercel project subdomain website sets up a supercookie, it can disrupt any site at the level of `vercel.app` or below such as `anotherproject.vercel.app`.

Therefore, for your own security, it is not possible to set a cookie at the level of `vercel.app` from your project subdomain.

---

[View full KB sitemap](/kb/sitemap.md)
