<meta> element provides an equivalent ability to sending certain HTTP response headers via the
http-equiv attribute, which can even be used to set new cookies or override existing cookies.
<meta http-equiv="Set-Cookie" content="key=value">
In an effort to mitigate the risk of cross-site scripting (XSS) attacks, this legacy behaviour has been removed from the latest HTML spec. Google Chrome 65 has already dropped the support in March 2018, and Firefox will follow soon.
Web developers are encouraged to use the standard
Set-Cookie HTTP header with the
SameSite directives to increase security.