Set-Cookie Parser
Set-Cookie Parser
Paste Set-Cookie response headers line by line to view attributes, potential risks, and whether SameSite/Secure combinations are reasonable.
Cookie Attribute Card
2 Set-Cookie
#1sessionabc123
path/
httponlyflag
secureflag
samesiteLax
No obvious attribute combination issues found
#2preview1
max-age600
samesiteNone
SameSite=None requires Secure in modern browsers.HttpOnly is missing, so JavaScript may read this cookie.Path is omitted, so the browser will derive a default path from the response URL.
JSON Preview
[
{
"index": 0,
"raw": "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
"name": "session",
"value": "abc123",
"decodedValue": "abc123",
"attributes": [
{
"key": "path",
"value": "/"
},
{
"key": "httponly",
"value": null
},
{
"key": "secure",
"value": null
},
{
"key": "samesite",
"value": "Lax"
}
],
"attributeMap": {
"path": "/",
"httponly": true,
"secure": true,
"samesite": "Lax"
},
"warnings": []
},
{
"index": 1,
"raw": "preview=1; Max-Age=600; SameSite=None",
"name": "preview",
"value": "1",
"decodedValue": "1",
"attributes": [
{
"key": "max-age",
"value": "600"
},
{
"key": "samesite",
"value": "None"
}
],
"attributeMap": {
"max-age": "600",
"samesite": "None"
},
"warnings": [
"SameSite=None requires Secure in modern browsers.",
"HttpOnly is missing, so JavaScript may read this cookie.",
"Path is omitted, so the browser will derive a default path from the response URL."
]
}
]