Developer

Cookie String Parser

Parse Set-Cookie and document.cookie strings into a readable table.

All tools

Cookie strings (one per line)

Parsed cookies (3)

session_id
abc123
path: /httponlysecuresamesite: Strictmax-age: 3600
theme
dark
path: /expires: Wed, 31 Dec 2025 23:59:59 GMT
user_id
42
domain: .example.comsecure

Frequently asked questions

What's the difference between document.cookie and a Set-Cookie header?
Set-Cookie is a response header from the server that can carry attributes like HttpOnly, Secure, SameSite, Path, and Domain. document.cookie in the browser only exposes name=value pairs - the attributes are stripped and HttpOnly cookies are hidden entirely.
What do SameSite=Lax, Strict, and None actually do?
Strict blocks the cookie on all cross-site requests, Lax allows it on top-level GET navigations but not on cross-site subresources, and None sends it everywhere but requires Secure to be set as well. Lax is the modern browser default when no attribute is provided.
Why can JavaScript not read an HttpOnly cookie?
HttpOnly is a server-set flag that tells the browser to expose the cookie only over HTTP requests, never through document.cookie. It is a defense against token theft via cross-site scripting.