diff --git a/lib/matchers.js b/lib/matchers.js
index fe9b907..854ba8e 100644
--- a/lib/matchers.js
+++ b/lib/matchers.js
@@ -44,6 +44,12 @@ const DEEP_HEADER_SET_COOKIE = {
 replacement: '[REDACTED_HEADER_SET_COOKIE]',
 }
 
+const DEEP_HEADER_COOKIE = {
+ type: TYPE_PATH,
+ predicate: ({ path }) => path.endsWith('.headers.cookie'),
+ replacement: '[REDACTED_HEADER_COOKIE]',
+}
+
 const REWRITE_REQUEST = {
 type: TYPE_PATH,
 predicate: ({ path }) => path.endsWith('.request'),
@@ -76,6 +82,7 @@ module.exports = {
 URL_MATCHER,
 DEEP_HEADER_AUTHORIZATION,
 DEEP_HEADER_SET_COOKIE,
+ DEEP_HEADER_COOKIE,
 REWRITE_REQUEST,
 REWRITE_RESPONSE,
 }
diff --git a/lib/server.js b/lib/server.js
index d8bf262..555e37d 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -6,6 +6,7 @@ const {
 DEEP_HEADER_SET_COOKIE,
 REWRITE_REQUEST,
 REWRITE_RESPONSE,
+ DEEP_HEADER_COOKIE,
 } = require('./matchers')
 
 const {
@@ -24,6 +25,7 @@ const _redact = redactMatchers(
 JSON_WEB_TOKEN,
 DEEP_HEADER_AUTHORIZATION,
 DEEP_HEADER_SET_COOKIE,
+ DEEP_HEADER_COOKIE,
 REWRITE_REQUEST,
 REWRITE_RESPONSE,
 redactUrlMatcher(
diff --git a/test/server.js b/test/server.js
index 77d658f..794bca2 100644
--- a/test/server.js
+++ b/test/server.js
@@ -123,3 +123,17 @@ t.test('serialize a redactError', async t => {
 t.same(goodError.stack, badError.stack, 'should serialize stack')
 t.same(serialized.sensitive, undefined, 'should not serialize sensitive data')
 })
+
+t.test('readcts header.cookie', async t => {
+ const input = {
+ headers: {
+ cookie: examples.COOKIE,
+ },
+ }
+ const output = redact(input)
+ t.same(output, {
+ headers: {
+ cookie: matchers.DEEP_HEADER_COOKIE.replacement,
+ },
+ })
+})
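Review bot: The `DEEP_HEADER_COOKIE` predicate in lib/matchers.js compares the path case-sensitively, so a key spelled `Cookie` or `COOKIE` would not match and the cookie value would pass through unredacted. Node lowercases incoming header names, so parsed requests are probably covered, but whether every object handed to the redactor has normalised keys is not visible in this diff (outgoing request options and error objects from HTTP clients often keep the caller's casing). If mixed casing can reach this matcher, compare on a lowercased path: `predicate: ({ path }) => path.toLowerCase().endsWith('.headers.cookie'),`. The existing `DEEP_HEADER_SET_COOKIE` matcher, whose predicate lies outside the hunk, presumably needs the same check.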
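Review bot: The new test in test/server.js has a typo in its name, `'readcts header.cookie'` should be `'redacts header.cookie'`, and it exercises only a top-level `headers` object. Because the matcher is a path-suffix check meant to catch headers at any depth, a second case with `headers` nested under another key would pin the behaviour the `DEEP_` prefix promises. An assertion that the serialized output does not contain `examples.COOKIE` would also guard against a later matcher reordering leaving the raw value behind.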