Access-Control-Allow-Origin: https://example.net Access-Control-Allow-Credentials: true Set-Cookie: faviconCookie2=test; SameSite=None; Secure;