i think i misunderstood the management of cookies with xmlhttprequest. I have a server that response to the XMLHttpRequest made in javascript, my server returns Allow-Control-Access-Origin, Access-Control-Allow-Headers, Access-Control-Expose-Headers and Access-Control-Allow-Credentials headers with the correct value.

I'm doing a Digest Authenticate in a server with javascript, no problem in that, i receive ok the WWW-Authenticate header from server, i process and send to the server the Authorization header with all the digest-response and everything ok.
The problem is, that when the digest-challenge is succesful, my server returns a Set-Cookie Header, i have to get it and add to the rest of all of my xhr request.
The browser (using Chromium and Chrome) not let me access to the header doing:

xhr.getResponseHeader(Set-Cookie);

Ok, in the XMLHTTPREQUEST Level 2 it says: Returns all headers from the response, with the exception of those whose field name is Set-Cookie or Set-Cookie2
Ok, so i cant take it, but what are the ways? Using the Chrome Api for cookies (at the moment i dont read noting about it), but i want to do for a standard manner as posible.
With the:

xhr.withCredentials = true;

means that the browser automatically get the set-cookie and send in cookie headers??