Cookie Analyzer

Analyze browser cookies for security attributes including Secure, HttpOnly, SameSite, and expiration. Identify security issues and get recommendations.


Cookie Security Best Practices

Secure Flag

Secure: Only send over HTTPS connections

HttpOnly Flag

HttpOnly: Prevent JavaScript access (XSS protection)

SameSite Attribute

SameSite: Control cross-site request sending

Cookie Prefixes

__Host- and __Secure- prefixes enforce security requirements

Why Analyze Cookies?

Cookies without proper security attributes can be stolen via XSS or man-in-the-middle attacks, or sent along with forged cross-site requests (CSRF). Understanding cookie security helps protect user sessions.

Frequently Asked Questions

What does the Secure flag do?
The Secure flag ensures cookies are only sent over HTTPS connections, preventing interception on unsecured networks.
What is HttpOnly?
HttpOnly prevents JavaScript from accessing the cookie, protecting against XSS attacks that try to steal session cookies.
What is SameSite?
SameSite controls when cookies are sent with cross-site requests. 'Strict' or 'Lax' helps prevent CSRF attacks.
What are cookie prefixes?
__Secure- and __Host- prefixes enforce security requirements. __Secure- requires the Secure attribute. __Host- is the most restrictive, requiring Secure, Path=/, and no Domain attribute.
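
The checks described above (Secure, HttpOnly, SameSite and the prefix rules) applied to raw Set-Cookie values, as an added example that is not this tool's own code. The function names parseSetCookie and analyzeSetCookie, the issue strings and the sample cookies are assumptions made for illustration.

```javascript
// Added example. Function names and sample cookies are constructed for illustration.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? "" : pair.slice(0, eq);
  const attrs = {};
  for (const a of rest) {
    if (!a) continue;
    const i = a.indexOf("=");
    // Attribute names are case-insensitive; flags such as Secure carry no value.
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return { name, attrs };
}

function analyzeSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const issues = [];
  const sameSite = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : null;

  if (!attrs.secure) issues.push("missing Secure");
  if (!attrs.httponly) issues.push("missing HttpOnly");
  if (!sameSite) issues.push("missing SameSite");
  else if (!["strict", "lax", "none"].includes(sameSite)) issues.push("invalid SameSite value");
  else if (sameSite === "none" && !attrs.secure) issues.push("SameSite=None requires Secure");

  // Prefix rules: a browser rejects a prefixed cookie that breaks them.
  const lower = name.toLowerCase();
  if (lower.startsWith("__secure-") && !attrs.secure) issues.push("__Secure- requires Secure");
  if (lower.startsWith("__host-")) {
    if (!attrs.secure) issues.push("__Host- requires Secure");
    if (attrs.path !== "/") issues.push("__Host- requires Path=/");
    if ("domain" in attrs) issues.push("__Host- forbids Domain");
  }
  return { name, issues };
}

// Constructed Set-Cookie values, not captured from any real site.
const samples = [
  "sid=abc123; Path=/",
  "__Host-sid=abc123; Secure; HttpOnly; SameSite=Lax; Path=/",
  "__Host-sid=abc123; Secure; HttpOnly; SameSite=Strict; Path=/app; Domain=example.com",
  "pref=1; SameSite=None",
];
for (const s of samples) console.log(analyzeSetCookie(s));
```

An empty issues array means the cookie passes every check in this sketch; it does not evaluate expiration.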