Skip to content
DevLab

🍪 Cookie Inspector

Enter a URL to fetch every Set-Cookie header and analyze Secure / HttpOnly / SameSite / Domain / Path / Expires, prefixes, and size limits.

✅ 100% free, no signup

⚠️ Requests are made from DevLab servers. Private IP addresses and localhost are not allowed.

📚 Cookie Attribute Reference

Secure: Sent only over HTTPS

HttpOnly: Inaccessible to JavaScript (XSS protection)

SameSite=Strict: Never sent on cross-site requests

SameSite=Lax: Sent on top-level GET navigation only (default)

SameSite=None: Sent cross-site (requires Secure)

__Secure- prefix: Requires Secure flag

__Host- prefix: Requires Secure + no Domain + Path=/ (strong isolation)

Partitioned (CHIPS): Lives in a partitioned third-party context

🔗 Related Tools