Cookie Decoder

Parse and decode HTTP cookies. Extract name, value, and attributes from Cookie and Set-Cookie headers.

Home
> Encoder & Decoder >
Cookie Decoder

Parse Cookie

Cookie String (Cookie or Set-Cookie header):

Build Cookie

Name:

Value:

Domain:

Path:

Expires (optional):

Max-Age (seconds):

Secure HttpOnly

SameSite:

Set-Cookie Header:

Parsed Cookies

#	Name	Value	Domain	Path	Expires	Max-Age	Secure	HttpOnly	SameSite

Paste a cookie string above and click Parse to see the details.

What is an HTTP Cookie?

An HTTP Cookie (web cookie, browser cookie) is a small piece of data sent from a server to a user's web browser. The browser stores the cookie and sends it back with subsequent requests to the same server, enabling stateful behavior in the stateless HTTP protocol.

Cookies are defined in RFC 6265 and are used for session management, personalization, tracking, and authentication. The Set-Cookie header is sent by the server to create cookies, and the Cookie header is sent by the browser to return them.

Cookie Attributes

Domain — Specifies which hosts can receive the cookie
Path — Limits the cookie to a specific URL path
Expires / Max-Age — Sets the cookie's lifetime (session vs persistent)
Secure — Cookie is only sent over HTTPS connections
HttpOnly — Cookie is inaccessible to JavaScript (prevents XSS theft)
SameSite — Controls cross-site request behavior (Lax, Strict, None)

How to Use This Cookie Decoder

Parse cookies — Paste a cookie string (from Cookie or Set-Cookie header) in the left panel, then click Parse to see all cookies and their attributes in a table.
Build a cookie — Fill in the cookie name, value, and optional attributes on the right panel, then click Build to generate a Set-Cookie header string.
The tool supports both simple Cookie header format (key=value; key2=value2) and full Set-Cookie format with attributes.

Common Use Cases

Debugging authentication — Inspect session cookies and auth tokens to troubleshoot login issues.
API development — Parse Set-Cookie headers from API responses during development and testing.
Security analysis — Check if cookies have proper Secure, HttpOnly, and SameSite attributes.
Web scraping — Parse cookies from scraped pages to maintain sessions across requests.
Cookie testing — Generate accurate Set-Cookie headers for testing cookie handling in browsers.

Frequently Asked Questions

What is the difference between Cookie and Set-Cookie headers?

Cookie header is sent by the browser to the server, containing key=value pairs separated by semicolons. Set-Cookie header is sent by the server to the browser, containing the cookie name/value plus optional attributes. A single response can have multiple Set-Cookie headers.

What does URL-decoded value mean?

Cookie values are often URL-encoded to safely store special characters. For example, a value like hello%20world would be decoded to hello world. This tool automatically URL-decodes cookie values for readability.

What is the SameSite attribute?

SameSite is a security attribute that controls when cookies are sent in cross-site requests. Lax (default) sends cookies for top-level navigations using safe methods. Strict only sends cookies for same-site requests. None sends cookies for all requests (requires Secure flag).

Can I decode multiple Set-Cookie headers at once?

Yes. Paste multiple Set-Cookie headers (one per line or concatenated) and the tool will parse each one and display them as separate rows in the results table.

Is this tool safe for sensitive cookie data?

Yes. All parsing and building happens entirely in your browser using JavaScript. No data is sent to any server. Your cookie data never leaves your device.