Click the button to trigger a cross-origin request with credentials.
If you examine the request and response details, you'll see that we are sending the cookie and receiving an updated cookie value with each request.
Again, since this is a cross-origin request, we will only see a limited subset of response headers.
Also see: what happens when withCredentials is false.