GeekFormat

Set-Cookie Parser

Paste Set-Cookie response headers line by line to view attributes, potential risks, and whether SameSite/Secure combinations are reasonable.

Cookie Attribute Card

2 Set-Cookie

#1 session = abc123
  • path: /
  • httponly: flag
  • secure: flag
  • samesite: Lax
  No obvious attribute combination issues found

#2 preview = 1
  • max-age: 600
  • samesite: None
  Warnings:
  • SameSite=None requires Secure in modern browsers.
  • HttpOnly is missing, so JavaScript may read this cookie.
  • Path is omitted, so the browser will derive a default path from the response URL.

JSON Preview

[
  {
    "index": 0,
    "raw": "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "name": "session",
    "value": "abc123",
    "decodedValue": "abc123",
    "attributes": [
      {
        "key": "path",
        "value": "/"
      },
      {
        "key": "httponly",
        "value": null
      },
      {
        "key": "secure",
        "value": null
      },
      {
        "key": "samesite",
        "value": "Lax"
      }
    ],
    "attributeMap": {
      "path": "/",
      "httponly": true,
      "secure": true,
      "samesite": "Lax"
    },
    "warnings": []
  },
  {
    "index": 1,
    "raw": "preview=1; Max-Age=600; SameSite=None",
    "name": "preview",
    "value": "1",
    "decodedValue": "1",
    "attributes": [
      {
        "key": "max-age",
        "value": "600"
      },
      {
        "key": "samesite",
        "value": "None"
      }
    ],
    "attributeMap": {
      "max-age": "600",
      "samesite": "None"
    },
    "warnings": [
      "SameSite=None requires Secure in modern browsers.",
      "HttpOnly is missing, so JavaScript may read this cookie.",
      "Path is omitted, so the browser will derive a default path from the response URL."
    ]
  }
]
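
A minimal parser that reproduces the record shape and the three warnings shown in the preview above. It is an added example, not GeekFormat's own code: the function names and the SAMPLE constant are hypothetical, and the warning rules are inferred only from the preview output.

```javascript
// Added example; field names follow the JSON preview, function names are hypothetical.
function parseSetCookie(raw, index = 0) {
  // Accept either a bare value or a full "Set-Cookie: ..." header line.
  const line = raw.replace(/^set-cookie:\s*/i, "").trim();
  const [pair, ...rest] = line.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? "" : pair.slice(0, eq).trim();
  const value = eq === -1 ? pair : pair.slice(eq + 1).trim();
  let decodedValue = value;
  try { decodedValue = decodeURIComponent(value); } catch { /* malformed % escape: keep raw */ }

  const attributes = [];
  const attributeMap = {};
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? null : part.slice(i + 1).trim();
    attributes.push({ key, value: val });
    attributeMap[key] = val === null ? true : val; // flags become true, as in the preview
  }

  // The three checks whose messages appear in the preview's "warnings" arrays.
  const warnings = [];
  const sameSite = String(attributeMap.samesite || "").toLowerCase();
  if (sameSite === "none" && !("secure" in attributeMap))
    warnings.push("SameSite=None requires Secure in modern browsers.");
  if (!("httponly" in attributeMap))
    warnings.push("HttpOnly is missing, so JavaScript may read this cookie.");
  if (!("path" in attributeMap))
    warnings.push("Path is omitted, so the browser will derive a default path from the response URL.");
  return { index, raw: line, name, value, decodedValue, attributes, attributeMap, warnings };
}

// Split pasted text into one parsed record per non-empty line.
function parseSetCookieLines(text) {
  return text.split(/\r?\n/).filter((l) => l.trim()).map((l, i) => parseSetCookie(l, i));
}

// Constructed sample input: the two headers from the preview, one with its header name.
const SAMPLE = [
  "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
  "Set-Cookie: preview=1; Max-Age=600; SameSite=None",
].join("\n");
```

Adding Path=/, HttpOnly and Secure to the second header clears all three warnings.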

Parse Set-Cookie headers online and get clues immediately when browsers reject cookies.

Use Cases

  • When the browser fails to write a cookie, first check whether the attribute combination in the response headers is compliant
  • Verify that SameSite=None is paired with Secure, to avoid rejection by modern browsers
  • Analyze the Path, Domain, and Max-Age configuration when debugging cookie passing in cross-site requests (SSO, third-party login)
  • Analyze the structure of multi-line Set-Cookie response headers from the server and copy the raw header content with one click

Features

  • Cookie attributes expanded one by one: SameSite, Secure, Domain, and Path are no longer squeezed into one line
  • Login-state and cross-site issues are easier to locate: write failures, session loss, and policy conflicts can all be checked first
  • Modern browser compatibility scenarios: helps identify SameSite=None and other common configuration traps
  • More efficient structured viewing: line-by-line response header parsing for debugging, recording, and team collaboration

How to Use

  1. Paste Set-Cookie response headers from the browser Network panel or a packet capture tool into the input area (multi-line input is supported)
  2. The tool automatically parses each Set-Cookie header and displays the cookie count, names, values, and attribute cards
  3. View each cookie's attribute list (SameSite, Secure, HttpOnly, Path, Domain, Expires, Max-Age, etc.) and warning messages
  4. Copy the raw Set-Cookie header content to compare against server configuration or share with the team during troubleshooting

FAQ

Why didn't the browser successfully write the Cookie?

Common causes include inappropriate SameSite settings, a missing Secure attribute, a Domain or Path mismatch, or browser policy blocking cross-site scenarios.

Why does SameSite=None often cause problems?

Because SameSite=None typically requires Secure to be set at the same time; otherwise modern browsers may reject the cookie. This tool is well suited to checking this attribute combination.

Is it suitable for troubleshooting login state, cross-domain, and SSO?

Yes. Many single sign-on, cross-site request, and session persistence issues are directly related to Set-Cookie configuration.

Can it view Expires, Max-Age, Path, Domain, and other fields?

Yes. The tool breaks down the cookie attributes in response headers, making it easy to compare them with the server configuration line by line.