Tool

Cookie Inspector

Runs locally in your browser; pasted data/files are not uploaded.
Tool

Cookie Inspector

Parse and analyze Set-Cookie headers or page cookie dumps to surface security, scope, and privacy issues with remediation guidance. Useful for privacy, security, and ad ops teams to quickly understand cookie risks and fixes.

Paste Set-Cookie headers or Cookie request strings to analyze attributes and highlight issues.

Cookie Inspector

Parse Set-Cookie headers or Cookie request strings and surface security issues.

Runs locally in your browser.
ExamplesTap to load a sample
ValidationAwaiting inputRFC6265 + browser rules

Parser runs locally and evaluates modern cookie requirements (SameSite, Secure, prefixes, size).

Cookies:
Avg size:
SameSite=None: 0
Partitioned: 0
Secure: 0
HttpOnly: 0

Parsed cookies

Filter by name, domain, or source.
Paste Set-Cookie headers or Cookie request values, then click Analyze.

Summary

Overview of issues found.

No cookies parsed yet.

More Info

How it works

The Cookie Inspector parses Set-Cookie headers and page cookies to display attributes like Domain, Path, Expires/Max-Age, Secure, HttpOnly, and SameSite, and flags common security and privacy issues with remediation tips.

Use it to audit cookie headers for security, privacy, and scope issues before deployment.

What you can do with it

  • Quickly spot insecure cookie configurations that break auth or privacy.
  • Provide clear remediation steps for engineers and QA.
  • Generate exportable audit reports for compliance teams.

Common tasks

  • Debug missing session cookies or cross-site login issues.
  • Audit tracking cookies for expiry and scope.
  • Prepare compliance reports for privacy reviews.
Data handling: This tool runs locally in your browser. Data you paste or files you upload stay on your device and are not uploaded.

Quick steps

  1. Paste one or more Set-Cookie headers or Cookie request lines.
  2. Click Analyze to parse the cookies.
  3. Review parsed cookies, warnings, and suggested fixes.

Related tools

More tools in the privacy category.

  • TCF String Decoder Decode IAB TCF v2 consent strings into human-readable metadata, purposes, and vendor consent arrays. Paste a TC string from a CMP or euconsent-v2 cookie, and instantly see what it contains for QA, troubleshooting, and compliance checks. Everything runs client-side for privacy.

Before you start

  • Paste Set-Cookie headers or Cookie request lines.
  • Use example inputs to see common patterns and edge cases.

What you get

  • Parsed cookie list with attributes and warnings.
  • JSON export with full attribute details.

Common pitfalls

  • Cookie values are masked by default to avoid leaking sensitive data.
  • Request cookies (Cookie header) do not include attributes.

Tips for best results

  • Paste raw input so the tool can apply formatting consistently.
  • If output looks wrong, validate the input for missing commas or tags.
  • Use the example buttons above to sanity-check formatting and behavior.

Accuracy & limitations

  • Outputs are deterministic and based only on the input you provide.
  • When official specs exist, the tool favors strict parsing over guesses.
  • URL-based tools can vary by region, cache, or upstream availability.
  • Always validate critical outputs in your production systems before launch.

Trust & quality

  • Maps data to published standards and versioned lists.
  • Highlights security/privacy flags explicitly.

Who it is for

  • QA and support teams validating outputs before launch.
  • Analysts and operators who need fast clarity on raw data.
  • Engineers and technical writers documenting system behavior.

When to use this tool

  • You need a quick answer without scripting or a full IDE.
  • You want a repeatable, shareable output for teammates.
  • You are troubleshooting inconsistent or malformed input.

Quick checklist

  • Input is complete and copied in full.
  • Output matches expectations and no errors are shown.
  • Share or export the result if you need to keep a record.

Frequently asked questions

Is it free to use?

Yes. Core tools are free and accessible without signup.

Does it upload my data?

This tool runs locally in your browser. Data you paste or files you upload stay on your device and are not uploaded.

What if I spot a bug?

Please reach out via the Contact page with a reproduction example.

Can it read browser cookies directly?

No. Paste the Cookie or Set-Cookie header values you want to inspect.

Does it handle multiple Set-Cookie headers?

Yes. Paste multiple lines or combined headers and it will split them.

Are cookie values uploaded?

No. Parsing runs locally, and values are masked by default.

Helpful links

Tool guideAll guidesUse casesFAQGlossaryUpdatesAboutPrivacyTermsContact

Standards & references

Official specs that inform how this tool interprets data.

RFC 6265 (HTTP State Management)RFC 6265bis (HTTP Cookies)

Support

Support