Cookie Parser Online

Parse HTTP cookie strings and view cookie attributes instantly. Extract cookie names, values, and flags.

What This Tool Does

This online cookie parser reads HTTP cookie strings and displays cookie names, values, and attributes (Secure, HttpOnly, SameSite, Domain, Path, Expires, Max-Age). Paste a Cookie or Set-Cookie header and view the result instantly. You can also build Set-Cookie strings.

Examples

Input:

sessionId=abc123; Secure; HttpOnly; SameSite=Lax

Output (parsed):

{
  sessionId: "abc123",
  Secure: true,
  HttpOnly: true,
  SameSite: "Lax"
}

About Cookie Parser

The Cookie Parser helps web developers work with HTTP cookies and Set-Cookie headers. It parses both browser cookie strings (multiple name=value pairs) and Set-Cookie header format (one cookie with Path, Domain, Expires, Secure, HttpOnly, SameSite, etc.), decodes values, and lets you build valid Set-Cookie strings. All processing runs in your browser—no server, no storage.

How to Parse Cookies

Paste your cookie string into the input box. The tool auto-detects the format:

  • Browser cookie string — e.g. sessionId=abc123; theme=dark; csrftoken=xyz. Each name=value pair is one cookie.
  • Set-Cookie header — e.g. sessionId=abc123; Path=/; Secure; HttpOnly; SameSite=Lax. The first pair is the cookie name and value; the rest are attributes (Path, Domain, Expires, Max-Age, Secure, HttpOnly, SameSite).

Values are URL-decoded automatically (e.g. user=John%20Doe → John Doe). If a value is valid JSON, a “Show JSON” preview is available.

Cookie Attributes Explained

  • Domain — Which host(s) can receive the cookie (e.g. .example.com).
  • Path — URL path that must be in the request to send the cookie (e.g. / or /api).
  • Expires — Absolute expiration date in GMT (e.g. Wed, 21 Oct 2025 07:28:00 GMT).
  • Max-Age — Lifetime in seconds from when the cookie is set. Takes precedence over Expires if both are present.
  • Secure — Cookie is sent only over HTTPS.
  • HttpOnly — Cookie is not accessible from JavaScript (reduces the risk of XSS stealing it).
  • SameSite — Strict (never cross-site), Lax (top-level navigation only), or None (always; requires Secure).
  • Priority — Chrome-only: High, Medium, or Low for storage eviction.
  • Partitioned — CHIPS: cookie is partitioned by top-level site.

Example Cookie Strings

Multiple cookies (browser format):

sessionId=abc123; theme=dark; csrftoken=xyz

Single Set-Cookie header:

sessionId=abc123; Path=/; Max-Age=3600; Secure; HttpOnly; SameSite=Lax

What is a Set-Cookie Header

Set-Cookie is an HTTP response header sent by the server to create or update a cookie in the browser. It contains the cookie name and value plus optional attributes (Path, Domain, Expires, Max-Age, Secure, HttpOnly, SameSite). The browser stores the cookie and sends it back with future requests that match the Domain and Path. This tool parses Set-Cookie strings and can generate them for use in your backend or API responses.

Cookie Parser Use Cases

  • Parsing cookies from browser dev tools or network tabs
  • Creating Set-Cookie headers for API responses
  • Understanding cookie attributes and security
  • Debugging cookie-related issues
  • Testing cookie behavior
  • Exporting cookie data as JSON, CSV, or cookie file

How Developers Debug Cookies

Developers use this cookie parser to inspect cookies from the Application tab (Chrome) or Storage tab (Firefox), or from the Cookie request/response headers in the Network panel. Paste the cookie string or a Set-Cookie header, then use the statistics panel to see counts (Secure, HttpOnly, SameSite), search and sort the table, and copy individual Set-Cookie headers for replay or debugging. Validation warnings highlight common issues like SameSite=None without Secure or invalid Expires format.

Browser Cookie vs Set-Cookie Header

A browser cookie string (e.g. from document.cookie or dev tools) contains multiple cookies as name=value; name2=value2. There are no attributes like Path or Domain—those are stored by the browser separately. A Set-Cookie header is what the server sends in an HTTP response: one cookie per header, with optional attributes (Path=, Domain=, Expires=, Max-Age=, Secure, HttpOnly, SameSite=). This tool detects the format automatically and parses accordingly.

Common Cookie Mistakes

  • SameSite=None without Secure — Browsers reject cookies with SameSite=None unless the Secure flag is set.
  • Spaces in cookie names — Cookie names should not contain spaces or special characters.
  • Invalid Expires format — Use GMT format, e.g. Wed, 21 Oct 2025 07:28:00 GMT.
  • Missing HttpOnly for session cookies — Session or auth cookies should typically set HttpOnly to reduce the risk of XSS stealing them.
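
The four mistakes above can be checked mechanically. The following is an added example, not this tool's own code: it parses one Set-Cookie value and returns a list of warnings. The function names and warning labels are assumptions of the example, and the Expires check is deliberately strict about the GMT format shown above.

```javascript
// Added example (not the tool's code): parse one Set-Cookie value and
// flag the common mistakes. Warning labels are this example's own.
const KNOWN_ATTRS = ["domain", "path", "expires", "max-age", "secure",
                     "httponly", "samesite", "priority", "partitioned"];
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; // RFC 6265 cookie-name (token)
// Strict form of the recommended date format; browsers accept more.
const HTTP_DATE = /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} GMT$/;

function parseSetCookie(header) {
  // Accept the value with or without the "Set-Cookie:" prefix.
  const parts = header.replace(/^\s*set-cookie:\s*/i, "").split(";");
  const first = parts.shift();
  const eq = first.indexOf("=");
  const cookie = {
    name: eq < 0 ? "" : first.slice(0, eq).trim(),
    value: eq < 0 ? first.trim() : first.slice(eq + 1).trim(),
    attrs: Object.create(null), // no prototype: keys come from untrusted input
  };
  for (const part of parts) {
    const i = part.indexOf("=");
    const key = (i < 0 ? part : part.slice(0, i)).trim().toLowerCase();
    if (!key) continue; // tolerate a trailing ";"
    // Flags such as Secure carry no value; record them as true.
    cookie.attrs[key] = i < 0 ? true : part.slice(i + 1).trim();
  }
  return cookie;
}

function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const warnings = [];
  if (!TOKEN.test(name)) warnings.push("invalid-name");
  const sameSite = String(attrs.samesite || "").toLowerCase();
  if (sameSite === "none" && !("secure" in attrs))
    warnings.push("samesite-none-without-secure");
  // Advisory: matters for session or auth cookies.
  if (!("httponly" in attrs)) warnings.push("missing-httponly");
  if ("expires" in attrs && !HTTP_DATE.test(String(attrs.expires)))
    warnings.push("invalid-expires");
  for (const key of Object.keys(attrs))
    if (!KNOWN_ATTRS.includes(key)) warnings.push("unknown-attribute:" + key);
  return warnings;
}
```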

Supported Cookie Formats

This cookie parser supports multiple input formats. Paste any of the following and the tool will detect the format and parse the cookies automatically.

  • Browser cookie strings — Name-value pairs separated by semicolons, as copied from browser dev tools or document.cookie.
  • Set-Cookie headers — Full Set-Cookie response header lines including Path, Domain, Expires, Secure, HttpOnly, SameSite, and other attributes.
  • HTTP request headers — Raw request headers containing a Cookie: line; the tool extracts the cookie string from the header block.
  • curl command cookies — curl commands that include -H "Cookie: ..." or -H 'Cookie: ...'; the tool extracts the cookie value from the command.

Examples:

  • sessionId=abc123; theme=dark
  • Set-Cookie: sessionId=abc123; Path=/; Secure
  • GET /api HTTP/1.1
    Cookie: sessionId=abc123
  • curl https://example.com -H "Cookie: sessionId=abc123"
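
One way to handle the four input formats above, shown as an added example rather than this tool's actual detection logic. The function names are hypothetical, and treating a string as a Set-Cookie header when a later segment is a known attribute name is an assumed heuristic.

```javascript
// Added example (not the tool's code): detect the input format and
// extract the cookie pairs from it.
const ATTR_NAMES = new Set(["domain", "path", "expires", "max-age", "secure",
                            "httponly", "samesite", "priority", "partitioned"]);

// Assumed heuristic: explicit prefix, or an attribute name after the first pair.
function looksLikeSetCookie(text) {
  if (/^set-cookie:/i.test(text)) return true;
  return text.split(";").slice(1).some(
    (seg) => ATTR_NAMES.has(seg.split("=")[0].trim().toLowerCase()));
}

function extractCookies(input) {
  const text = input.trim();
  let raw = text, format = "cookie-string";
  // curl: -H "Cookie: ..." or -H 'Cookie: ...'
  const curl = /^curl\s/.test(text) &&
    text.match(/-H\s+(["'])cookie:\s*(.*?)\1/i);
  // Raw request headers: a line that starts with "Cookie:".
  const hdr = text.match(/^[ \t]*cookie:[ \t]*(.*)$/im);
  if (curl) { raw = curl[2]; format = "curl"; }
  else if (hdr) { raw = hdr[1]; format = "request-headers"; }
  else if (looksLikeSetCookie(text)) {
    // One cookie per Set-Cookie header: only the first pair is the cookie.
    raw = text.replace(/^set-cookie:\s*/i, "").split(";")[0];
    format = "set-cookie";
  }
  // Array, not object: duplicate cookie names are kept, in order.
  const cookies = [];
  for (const pair of raw.split(";")) {
    const eq = pair.indexOf("=");
    if (eq < 0) continue;
    const name = pair.slice(0, eq).trim();
    let value = pair.slice(eq + 1).trim();
    // URL-decode; keep the raw value when the percent-encoding is malformed.
    try { value = decodeURIComponent(value); } catch (_) {}
    cookies.push({ name, value });
  }
  return { format, cookies };
}
```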

Key Features

  • Parse browser cookie strings and Set-Cookie headers
  • URL-decode values and optional JSON preview
  • Statistics panel, search, sort, and table view
  • Copy and download: JSON, CSV, cookie file, Set-Cookie per row
  • Create cookies with Domain, Path, Expires, Max-Age, Secure, HttpOnly, SameSite, Priority, Partitioned
  • 100% browser-based — no server, no storage

Frequently Asked Questions

What is a cookie string?

A cookie string is the value of the Cookie HTTP header or the Set-Cookie header. For Cookie (request), it is name=value; name2=value2. For Set-Cookie (response), it is name=value; Path=/; Secure; HttpOnly; SameSite=Lax. This tool parses both formats.

What is HttpOnly?

HttpOnly is a cookie flag that prevents JavaScript from reading the cookie via document.cookie. It reduces the risk of XSS stealing session cookies. Only the server can set and read HttpOnly cookies via HTTP headers.

What is SameSite?

SameSite is a cookie attribute that controls when the browser sends the cookie. SameSite=Strict sends only for same-site requests; Lax allows top-level navigation; None sends for all requests (requires Secure). It helps prevent CSRF.

Is there a free cookie parser online?

Yes. This cookie parser runs entirely in your browser—no signup, no upload. Paste any cookie string (from dev tools or Set-Cookie header) and it will parse and decode it instantly, showing name, value, domain, path, and other attributes.

How do I parse cookies?

Paste a cookie string (from browser dev tools or Set-Cookie header) into the input field. The tool auto-detects format: multiple cookies (name=value; name2=value2) or a single Set-Cookie header with attributes. It decodes values and displays a table with all attributes.

How do I create a cookie string?

Use the 'Create Cookie' section to build a cookie string. Enter name and value, then optionally set domain, path, expiration, Max-Age, and security flags (Secure, HttpOnly, SameSite, Priority, Partitioned). The tool generates a valid Set-Cookie string.

What cookie attributes are supported?

The tool supports Domain, Path, Expires, Max-Age, Secure, HttpOnly, SameSite, Priority, and Partitioned. You can parse existing cookies or create new ones with any combination of these attributes.

Can I view my current browser cookies?

Yes! Click 'Load Current Cookies' to load all cookies from the current page. This shows you all cookies set for the current domain, useful for debugging and development.

Is the cookie parser free to use?

Yes! Our cookie parser is 100% free with no registration required, no usage limits, and no hidden fees. You can parse and create as many cookies as you need for your development work.

Are my cookies stored or tracked?

No, all cookie parsing happens locally in your browser. We don't store, save, or have access to any cookies you parse or create. Your privacy is completely protected.

What's the difference between Expires and Max-Age?

Expires sets an absolute expiration date/time, while Max-Age sets a relative expiration time in seconds from when the cookie is set. Max-Age is preferred in modern applications as it's more reliable.

What does SameSite attribute do?

SameSite controls when cookies are sent with cross-site requests. 'Strict' never sends cookies cross-site, 'Lax' sends cookies for top-level navigation, and 'None' always sends cookies (requires Secure flag).

Can I parse multiple cookies at once?

Yes! Paste a browser cookie string (e.g. sessionId=abc; theme=dark) and each name=value pair is parsed as a separate cookie. Paste a Set-Cookie header and it is parsed as one cookie with all attributes.

How do I use the generated cookie string?

Copy the generated cookie string and use it in Set-Cookie HTTP headers when setting cookies from a server, or use document.cookie in JavaScript (though HttpOnly cookies can't be set via JavaScript).