Cookie Checker

Analyze all cookies set by any website and check their security flags, expiration, and configuration.

What This Tool Checks

Complete analysis of cookie security and configuration.

Secure Flag

Checks if cookies have the Secure flag set, ensuring they are only transmitted over encrypted HTTPS connections.

HttpOnly Flag

Verifies the HttpOnly flag, which prevents client-side JavaScript from reading cookies and so limits cookie theft through XSS.

SameSite Attribute

Analyzes the SameSite attribute (Strict, Lax, or None), which controls when cookies are sent with cross-site requests and helps mitigate CSRF.

Expiration & Lifetime

Reviews cookie expiration dates and max-age values. Identifies session cookies, expired cookies, and long-lived tracking cookies.

How It Works

Three simple steps to analyze any website's cookies.

1. Enter URL

Type the website URL you want to check. We will visit it and capture all Set-Cookie headers sent by the server.

2. Capture Cookies

We follow redirects and collect every Set-Cookie header at each step, then parse each cookie's attributes and flags.

3. Review Report

See every cookie with its security flags, domain, path, and expiry. Issues are flagged with clear descriptions of the risk.
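The parse-and-flag step described above can be sketched as follows. This is an added example, not the tool's own code; the sample headers are constructed, and the one-year "long-lived" threshold and the issue labels are assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

LONG_LIVED = 365 * 24 * 3600  # assumed "long-lived" threshold (seconds); the page states none

SAMPLE = [  # constructed Set-Cookie header values, one string per header
    "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "track=xyz; Max-Age=63072000; SameSite=None",
    "old=1; Expires=Wed, 21 Oct 2015 07:28:00 GMT; secure; httponly; samesite=strict",
]

def parse_set_cookie(header):
    """Return (name, attrs); attribute names are lower-cased (case-insensitive)."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def lifetime(attrs, now):
    """Classify lifetime as 'session', 'expired', 'long-lived' or 'ok'."""
    seconds = None
    try:
        if "max-age" in attrs:  # Max-Age takes precedence over Expires
            seconds = int(attrs["max-age"])
        elif "expires" in attrs:
            seconds = (parsedate_to_datetime(attrs["expires"]) - now).total_seconds()
    except (TypeError, ValueError):
        pass  # unparseable value: treat like a session cookie
    if seconds is None:
        return "session"
    if seconds <= 0:
        return "expired"
    return "long-lived" if seconds > LONG_LIVED else "ok"

def audit_cookie(header, now=None):
    """Return (name, issues, lifetime_label) for one Set-Cookie header value."""
    now = now or datetime.now(timezone.utc)
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    checks = [
        ("secure" not in attrs, "missing Secure"),
        ("httponly" not in attrs, "missing HttpOnly"),
        (samesite not in ("strict", "lax", "none"), "missing or invalid SameSite"),
        (samesite == "none" and "secure" not in attrs, "SameSite=None without Secure"),
    ]
    return name, [msg for failed, msg in checks if failed], lifetime(attrs, now)
```

Call `audit_cookie` once per captured header, for example `[audit_cookie(h) for h in SAMPLE]`, to get each cookie's name, issue list and lifetime label.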

Frequently Asked Questions

Common questions about cookies and web security.

What are website cookies?

Cookies are small pieces of data that websites store in your browser. They are used for session management (login state), personalization (preferences, language), and tracking (analytics, advertising). Servers set cookies via the Set-Cookie HTTP header, and the browser sends them back with subsequent requests.

What do Secure, HttpOnly, and SameSite flags mean?

The Secure flag ensures the cookie is only sent over HTTPS. HttpOnly prevents JavaScript from accessing the cookie, which limits cookie theft through XSS. SameSite controls cross-site behavior: Strict only sends the cookie for same-site requests, Lax also sends it on top-level navigation, and None sends it with all requests (requires Secure).

Why are cookie security flags important?

Without proper flags, cookies are vulnerable to interception (missing Secure), theft via cross-site scripting (missing HttpOnly), and cross-site request forgery (missing SameSite). Session cookies with poor security flags are a common attack vector. All authentication cookies should have Secure, HttpOnly, and SameSite=Strict or Lax.

How do cookies relate to GDPR and privacy?

GDPR and ePrivacy regulations require websites to obtain user consent before setting non-essential cookies (analytics, advertising). Essential cookies (login sessions, security) are exempt. Websites must clearly explain which cookies they use, their purpose, and how long they last. A compliant cookie banner should be shown before any tracking cookies are set.