<meta> element provides an equivalent ability to sending certain HTTP response headers via the
http-equiv attribute, which can even be used to set new cookies or override existing cookies.
<meta http-equiv="Set-Cookie" content="key=value">
In an effort to mitigate the risk of cross-site scripting (XSS) attacks, this legacy behaviour has been removed from the latest HTML spec and Firefox 68. Google Chrome 65 has already dropped the support in March 2018.
Web developers are encouraged to use the standard
Set-Cookie HTTP header with the
SameSite directives to increase security.