MDN’s new design is in Beta! A sneak peek:


This feature is obsolete. Although it may still work in some browsers, its use is discouraged since it could be removed at any time. Try to avoid using it.

The obsolete Set-Cookie2 HTTP response header used to send cookies from the server to the user agent, but has been deprecated by the specification. Use Set-Cookie instead.

Header type Response header
Forbidden header name no


Set-Cookie2: <cookie-name>=<cookie-value> 
Set-Cookie2: <cookie-name>=<cookie-value>; Comment=<value>
Set-Cookie2: <cookie-name>=<cookie-value>; CommentURL=<http-url>
Set-Cookie2: <cookie-name>=<cookie-value>; Discard
Set-Cookie2: <cookie-name>=<cookie-value>; Domain=<domain-value>
Set-Cookie2: <cookie-name>=<cookie-value>; Max-Age=<non-zero-digit>
Set-Cookie2: <cookie-name>=<cookie-value>; Path=<path-value>
Set-Cookie2: <cookie-name>=<cookie-value>; Port=<port-number>
Set-Cookie2: <cookie-name>=<cookie-value>; Secure
Set-Cookie2: <cookie-name>=<cookie-value>; Version=<version-number>

// Multiple directives are also possible, for example:
Set-Cookie2: <cookie-name>=<cookie-value>; Domain=<domain-value>; Secure

// Multiple cookies are seperated by a comma
Set-Cookie2: <cookie-name>=<cookie-value>, <cookie-name>=<cookie-value>, ...


Specification Title
RFC 2965: Set-Cookie2 Historic specification of HTTP State Management Mechanism, obsoleted by RFC 6265

Browser compatibility

FeatureChromeFirefoxEdgeInternet ExplorerOperaSafari
Basic Support(No)(No)(No)(No)(No)(No)
FeatureAndroidChrome for AndroidEdge mobileFirefox for AndroidIE mobileOpera AndroidiOS Safari
Basic Support(No)(No)(No)(No)(No)(No)(No)

See also

Document Tags and Contributors

 Contributors to this page: fscholz
 Last updated by: fscholz,