diff --git a/lib/pure/cookies.nim b/lib/pure/cookies.nim
index 25d701eb4471..132f64637e8a 100644
--- a/lib/pure/cookies.nim
+++ b/lib/pure/cookies.nim
@@ -50,6 +50,9 @@ proc setCookie*(key, value: string, domain = "", path = "",
                 maxAge = none(int), sameSite = SameSite.Default): string =
   ## Creates a command in the format of
   ## `Set-Cookie: key=value; Domain=...; ...`
+  ##
+
+  ## .. tip: Cookies can be vulnerable. Consider setting `secure=true`, `httpOnly=true` and `sameSite=Strict`.
   result = ""
   if not noName: result.add("Set-Cookie: ")
   result.add key & "=" & value