Cookie Analyzer Online

The Cookie Analyzer on 101IP makes an HTTP request to the given URL and inspects all Set-Cookie headers in the server response. Each cookie is checked for security attributes and warnings are displayed.

Cookie security attributes

• HttpOnly — prevents JavaScript access to the cookie. Protects against XSS attacks.
• Secure — cookie is only sent over HTTPS. Prevents interception on plain HTTP.
• SameSite — controls cookie sending on cross-site requests. Strict — same-site only; Lax — allows top-level navigational GET requests; None — no restrictions (requires Secure).

Session vs persistent cookies

Cookies without Expires or Max-Age are session cookies — the browser deletes them when closed. Persistent cookies are stored until the specified date or Max-Age expires.

Tool limitations

This tool only shows cookies set by the server via HTTP headers. Cookies set by JavaScript (document.cookie) are not visible. Some sites only set cookies after login — in that case, try checking the specific login page URL.