API debugging — inspect cookies sent or received from an endpoint.Security review — verify HttpOnly/Secure/SameSite flags are set.Session debugging — see exactly what is in a session cookie.

🍪

Cookie Parser

Parse Cookie or Set-Cookie strings into a readable table. Decode URL-encoded values, identify flags (HttpOnly, Secure, SameSite). Runs in browser.

Cookie string

Format

Cookie: header (request) Set-Cookie: header (response)

URL-decode values

Reference

How does the cookie parser work?

Cookies are sent in two HTTP header formats: Cookie: (request, multiple cookies separated by ;) and Set-Cookie: (response, one cookie per header with attributes like Path, Domain, Expires, HttpOnly, Secure, SameSite). This tool splits the string, parses each entry, and identifies attributes vs. name=value pairs. URL-decoding handles values that were percent-encoded.

Common uses

API debugging — inspect cookies sent or received from an endpoint.
Security review — verify HttpOnly/Secure/SameSite flags are set.
Session debugging — see exactly what is in a session cookie.

Privacy

All parsing runs 100% in your browser. No data is sent to any server.

← Back to all tools