HttpOnly: blocks JS access (XSS protection). Secure: HTTPS only. SameSite=Strict/Lax: CSRF protection. Domain/Path: scope.

🍪

Cookie Security Audit

HttpOnly, Secure, SameSite check

Paste Set-Cookie headers (one per line)

📚

Learn more — how it works, FAQ & guide

Click to expand

Calculate percentages, increases, decreases & more

Calculate exact age in years, months, days, hours

Body Mass Index — metric and imperial

🔒

100% Privacy. This tool runs entirely in your browser. Your data is never uploaded to any server.

Cookie security audit