diff --git a/tools/msftidy.rb b/tools/msftidy.rb
index 1c41c9ec66..b95b6e34aa 100755
--- a/tools/msftidy.rb
+++ b/tools/msftidy.rb
@@ -465,6 +465,11 @@ class Msftidy
       if ln =~ /(?<!\.)datastore\[["'][^"']+["']\]\s*=(?![=~>])/
         error("datastore is modified in code: #{ln}", idx)
       end
+
+      # do not read Set-Cookie header
+      if ln =~ /\[['"]Set-Cookie['"]\]/
+        warn("Do not read Set-Cookie header directly, use res.get_cookies instead: #{ln}", idx)
+      end
     }
   end