Developer
All toolsCookie String Parser
Parse Set-Cookie and document.cookie strings into a readable table.
Cookie strings (one per line)
Parsed cookies (3)
session_id
abc123
path: /httponlysecuresamesite: Strictmax-age: 3600
theme
dark
path: /expires: Wed, 31 Dec 2025 23:59:59 GMT
user_id
42
domain: .example.comsecure
Frequently asked questions
- What's the difference between document.cookie and a Set-Cookie header?
- Set-Cookie is a response header from the server that can carry attributes like HttpOnly, Secure, SameSite, Path, and Domain. document.cookie in the browser only exposes name=value pairs - the attributes are stripped and HttpOnly cookies are hidden entirely.
- What do SameSite=Lax, Strict, and None actually do?
- Strict blocks the cookie on all cross-site requests, Lax allows it on top-level GET navigations but not on cross-site subresources, and None sends it everywhere but requires Secure to be set as well. Lax is the modern browser default when no attribute is provided.
- Why can JavaScript not read an HttpOnly cookie?
- HttpOnly is a server-set flag that tells the browser to expose the cookie only over HTTP requests, never through document.cookie. It is a defense against token theft via cross-site scripting.