Cookie Parser
Your data never leaves your browser.
Parse raw Cookie or Set-Cookie header strings into a readable table with decoded values.
About Cookie Parser
Paste a Cookie request header string or a Set-Cookie response header string and see its contents in a clean, structured layout. For standard Cookie headers, every name-value pair is listed with both the raw value and its URL-decoded equivalent — making it easy to spot encoded data. For Set-Cookie headers, all attributes are parsed and displayed: Path, Domain, Expires, Max-Age, Secure, HttpOnly, and SameSite. Perfect for debugging authentication flows, session management, and third-party tracking cookies.
How to use
- Paste a Cookie header string (e.g. "name=value; session_id=abc") or a Set-Cookie header string into the input panel.
- The tool detects the format automatically and shows the parsed result.
- For encoded values, the decoded representation is shown alongside the raw value.
Frequently Asked Questions
FAQs about Cookie Parser
What is the difference between a Cookie and a Set-Cookie header?
The Cookie header is sent by the browser to the server with every request, containing all matching cookies as name=value pairs. The Set-Cookie header is sent by the server to the browser to create or update a single cookie, including attributes like Secure and HttpOnly.
Why do some values show a decoded version?
Cookie values are often URL-encoded, especially when they contain spaces, special characters, or JSON. The tool automatically decodes them with decodeURIComponent so you can read the actual content.
What cookie attributes are parsed?
For Set-Cookie headers, the tool parses Path, Domain, Expires, Max-Age, Secure, HttpOnly, and SameSite attributes.
How is the format detected automatically?
If the input contains attributes like Path=, Domain=, Secure, or HttpOnly after a semicolon, it is treated as a Set-Cookie header. Otherwise, it is parsed as a multi-value Cookie header.
Is this useful for debugging authentication issues?
Yes. Inspecting session cookies, auth tokens, and their attributes (particularly Secure, HttpOnly, and SameSite) is a key step in debugging login flows, CSRF protection, and cross-origin authentication.
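The detection and decoding behaviour described in the FAQ can be sketched as follows. This is an added example, not the tool's own source: the function names, the `missing` field and the sample inputs are assumptions made for illustration.

```javascript
// Added example: names and heuristic details are assumptions, not the tool's source.
const ATTRS = ["path", "domain", "expires", "max-age", "secure", "httponly", "samesite"];

// decodeURIComponent throws URIError on malformed escapes such as "%zz";
// fall back to the raw value so one bad cookie does not abort the parse.
function safeDecode(raw) {
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return raw;
  }
}

// Split "name=value" on the first "=" only; values (e.g. base64) may contain "=".
function splitPair(part) {
  const i = part.indexOf("=");
  return i === -1 ? [part.trim(), ""] : [part.slice(0, i).trim(), part.slice(i + 1).trim()];
}

function parseCookieInput(input) {
  const text = input.replace(/^(set-cookie|cookie):\s*/i, "");
  const parts = text.split(";").map((p) => p.trim()).filter(Boolean);
  // Heuristic from the FAQ: a known attribute after the first semicolon means Set-Cookie.
  const isSetCookie = parts.slice(1).some((p) => ATTRS.includes(splitPair(p)[0].toLowerCase()));
  if (!isSetCookie) {
    const cookies = parts.map((p) => {
      const [name, raw] = splitPair(p);
      return { name, raw, decoded: safeDecode(raw) };
    });
    return { type: "Cookie", cookies };
  }
  const [name, raw] = splitPair(parts[0]);
  const attributes = {};
  for (const p of parts.slice(1)) {
    const [k, v] = splitPair(p);
    attributes[k.toLowerCase()] = v === "" ? true : v; // flag attributes have no value
  }
  // Attributes the FAQ singles out for authentication debugging.
  const missing = ["secure", "httponly", "samesite"].filter((a) => !(a in attributes));
  return { type: "Set-Cookie", name, raw, decoded: safeDecode(raw), attributes, missing };
}

// Constructed sample inputs.
console.log(parseCookieInput("theme=dark; prefs=%7B%22lang%22%3A%22en%22%7D; bad=%zz"));
console.log(parseCookieInput("Set-Cookie: sid=abc123; Path=/; Max-Age=3600; HttpOnly"));
```

With this heuristic, a request cookie that happens to be named `path` or `secure` is classified as a Set-Cookie header, so the detected type is worth confirming against where the string was captured.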