---
title: Adding rewrite cookie domain rules
description: Add a rewrite cookie domain rule, which converts the cookie domain returned by the site into a public-facing domain in PingAccess.
component: pingaccess
version: 9.0
page_id: pingaccess:pingaccess_user_interface_reference_guide:pa_adding_rewrite_cookie_domain_rules
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/pingaccess_user_interface_reference_guide/pa_adding_rewrite_cookie_domain_rules.html
revdate: October 7, 2025
section_ids:
  before-you-begin: Before you begin
  steps: Steps
---

# Adding rewrite cookie domain rules

Add a rewrite cookie domain rule, which converts the cookie domain returned by the site into a public-facing domain in PingAccess.

When a site places a cookie on a cookie domain such as `internalsite.com` or `.internalsite.com`, PingAccess uses the information configured in the rewrite cookie domain rule to rewrite the `Domain` portion of the `Set-Cookie` response header with a public-facing domain such as `publicsite.com` or `.publicsite.com`.

|   |                                                                                                                                                                                                                                   |
| - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | You should only set the cookie in the **Public-Facing Cookie Domain** field to the virtual host name associated with that application, or to a domain that's above it. For example, `myserver.acme.com` can be set to `acme.com`. |

## Before you begin

Confirm that you aren't using the [agent](../introduction_to_pingaccess/pa_choose_a_deployment_model.html#agent) model. Rewrite cookie domain rules aren't available for agent deployments.

## Steps

1. Click **Access**, then go to **Rules > Rules**.

2. Click **[icon: plus, set=fa]Add Rule**.

3. In the **Name** field, enter a unique name up to 64 characters.

   Special characters and spaces are allowed.

4. In the **Type** list, select **Rewrite Cookie Domain**.

5. If you need to explicitly define the target host, clear the **Any Site Target Host** checkbox.

   When you select the **Any Site Target Host** checkbox, PingAccess rewrites the cookie domain if it is set to the domain defined in a site's target host list.

6. If you clear the **Any Site Target Host** checkbox, enter the domain name used by the backend site in the **Server-Facing Cookie Domain** field.

7. In the **Public-Facing Cookie Domain** field, enter the domain name that you want to display in the response from PingAccess.

8. Click **Save**.