Cookie Checker & Analyser

Analyse cookie security attributes including Secure, HttpOnly, and SameSite flags. Identify security vulnerabilities and GDPR compliance issues with actionable recommendations.

Estimated time: 1-2 min
Difficulty level: Beginner
Privacy: Runs locally

One cookie per line. Supports full Set-Cookie: header format or plain cookie strings.

Understanding Cookie Security

Secure Flag

The Secure flag ensures cookies are only sent over HTTPS connections, preventing transmission over unencrypted HTTP where attackers could intercept them via man-in-the-middle attacks.

HttpOnly Flag

The HttpOnly flag prevents JavaScript from accessing the cookie via document.cookie. This is critical for session cookies to mitigate Cross-Site Scripting (XSS) attacks.

SameSite Attribute

Controls when cookies are sent with cross-site requests:

  • Strict: Only sent for same-site requests
  • Lax: Sent for top-level navigations (recommended default)
  • None: Sent for all requests (requires Secure flag)

Best Practices

  • Always use Secure for sensitive cookies
  • Set HttpOnly unless JS access is required
  • Use SameSite=Lax as a baseline
  • Set appropriate expiration with Max-Age
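
The checks described above can be expressed as a short audit over Set-Cookie lines. This is an added example, not the tool's own code; the function names `parseSetCookie` and `auditCookie` and the sample cookies are constructed for illustration.

```javascript
// Added example: audits cookie lines against the attributes described above.
// parseSetCookie/auditCookie are hypothetical helper names; SAMPLE is constructed.

function parseSetCookie(line) {
  // Accept either "Set-Cookie: name=value; ..." or a plain cookie string.
  const raw = line.replace(/^\s*set-cookie:\s*/i, "").trim();
  const [pair, ...attrParts] = raw.split(";");
  const eq = pair.indexOf("=");
  const name = (eq === -1 ? pair : pair.slice(0, eq)).trim();
  const attrs = new Map();
  for (const part of attrParts) {
    // Attribute names are case-insensitive; flags such as Secure have no value.
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    if (key) attrs.set(key, i === -1 ? "" : part.slice(i + 1).trim());
  }
  return { name, attrs };
}

function auditCookie(line) {
  const { name, attrs } = parseSetCookie(line);
  const findings = [];
  const secure = attrs.has("secure");
  if (!secure) findings.push("missing Secure");
  if (!attrs.has("httponly")) findings.push("missing HttpOnly");
  const sameSite = (attrs.get("samesite") || "").toLowerCase();
  if (!attrs.has("samesite")) findings.push("missing SameSite");
  else if (!["strict", "lax", "none"].includes(sameSite)) findings.push("invalid SameSite value");
  else if (sameSite === "none" && !secure) findings.push("SameSite=None without Secure");
  if (!attrs.has("max-age") && !attrs.has("expires")) findings.push("no Max-Age or Expires");
  return { name, findings };
}

// Constructed sample input, one cookie per line.
const SAMPLE = [
  "Set-Cookie: sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600",
  "Set-Cookie: track=xyz; SameSite=None; Max-Age=86400",
  "theme=dark",
];

for (const line of SAMPLE) {
  const { name, findings } = auditCookie(line);
  console.log(`${name}: ${findings.length ? findings.join(", ") : "ok"}`);
}
```

A cookie with no Max-Age or Expires is a session cookie; the audit reports it so the lifetime is a deliberate choice rather than an omission.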