Cookie Inspect

Inspect Cookie / Set-Cookie attributes and consistency in your browser. No input is sent to a server. Use it for first-pass operational troubleshooting.

Status

Runs in your browser. No input is sent to a server. Use this as a first-pass diagnostic step.

How to use

Paste Set-Cookie or Cookie and click “Parse”. Attributes are listed.

Notes (this tool)

  • Set-Cookie is parsed per line.

About this page

What does this tool do?

Paste Set-Cookie or Cookie headers to list attributes clearly.

Useful for checking SameSite / Secure / HttpOnly settings.

Paste headers copied from logs/DevTools to troubleshoot cookie sending/storage conditions.

Typical use cases

  • Check when cookies are sent or blocked due to SameSite
  • Inspect Secure/HttpOnly/Path/Domain settings
  • Review multiple Set-Cookie lines at once

Set-Cookie is a response header that instructs the browser to store a cookie. Cookie is a request header that carries cookies the browser sends back.

Key attributes (quick guide)

  • Domain/Path: scope of where cookies are sent
  • Expires/Max-Age: lifetime
  • Secure: send over HTTPS only
  • HttpOnly: not accessible via JavaScript
  • SameSite: controls cross-site sending

What this tool does

  • Parse Set-Cookie attributes
  • List Cookie key=value pairs
  • Handle multiple Set-Cookie lines

Debugging workflow (recommended)

  • Paste Cookie or Set-Cookie values
  • Review attributes such as Secure, HttpOnly, and SameSite
  • Check Domain and Path conflicts with related tools

Operational notes

  • Behavior can vary with browser implementation differences and default changes.
  • Duplicate cookie names and Path or Domain differences often cause operational issues.

Referenced specs

  • RFC 6265 (HTTP Cookies)
  • SameSite rules (browser conventions)

FAQ

Can I paste multiple Set-Cookie lines?

Yes. Each line is parsed and listed.

What is required for SameSite=None?

In practice, Secure is generally required as well (browser-dependent behavior).

Why isn’t my cookie being sent?

Common causes include Domain/Path mismatch, Secure/HTTPS, SameSite rules, and expiration.

References

  1. RFC 6265 (HTTP Cookies)
  2. MDN: Set-Cookie

These links are generated from site_map rules in recommended diagnostic order.

  1. Request/Response Diff — Compare header differences between request and response
  2. Set-Cookie Conflict Checker — Detect same-name cookie conflicts and overwrite risks
  3. Request Headers Parser — Parse request headers into structured data
  4. SameSite Cookie Simulator — Simulate cookie send behavior from SameSite and request context

Example

Set-Cookie: sid=abc; Path=/; HttpOnly; Secure; SameSite=Lax
Cookie: sid=abc; theme=dark