All tools

Cookie Header Parser

Parse Cookie and Set-Cookie headers into structured data.

4 cookies
  • name: session_id
    value: abc123
  • name: theme
    value: dark
  • name: lang
    value: en-US
  • name: analytics_uid
    value: u_29ksjf

Name: __Host-auth

Value: eyJhbGc

  • path: /
  • domain: example.com
  • max-age: 86400
  • secure: (flag set)
  • httponly: (flag set)
  • samesite: Lax

Common attributes

  • Secure: only sent over HTTPS
  • HttpOnly: not readable from JS, blocks XSS theft
  • SameSite=Lax/Strict/None: cross-site request behavior
  • __Host- prefix: forces Secure, no Domain, Path=/
  • Max-Age: seconds; Expires is the absolute alternative

Set-Cookie is one cookie per header. The request-side Cookie header is a single line of "name=value;" pairs. Browsers reject Set-Cookie when the response sets contradictory flags.

About

Paste a Cookie header (request-side) to break it into name/value pairs. Paste a Set-Cookie header (response-side) to see Domain, Path, Max-Age, Secure, HttpOnly, SameSite, and other attributes.

How to use

  1. Paste the Cookie or Set-Cookie header.
  2. Read the parsed pairs and attributes.

FAQ

What's the __Host- prefix?+

A cookie name prefix that forces Secure, no Domain attribute, and Path=/. Browsers reject the cookie if those constraints aren't met. Best practice for session cookies.