Denial of Service using Cookie Bombing

Denial of Service (DoS)

While observing headers and response of the first request which was simple GET request to homepage WWW.EXAMPLE.COM, it came to my mind that why not check hidden get parameters?