By default we now discard all Set-Cookie and Cookie headers. User can manipulate it per route via zuul.routes.*.sensitiveHeaders, or globally via zuul.ignoredHeaders.
