Cookie Header Parser
Decode Cookie and Set-Cookie headers into fields.
How to use
- 1 Choose Cookie (request) or Set-Cookie (response) mode.
- 2 Paste the raw header value into the box.
- 3 Read the name/value pairs or the cookie plus its attributes.
- 4 Copy any value you need.
About Cookie Header Parser
The Cookie Header Parser turns raw HTTP cookie headers into a readable breakdown.
Paste a Cookie request header and it splits the run of semicolon-separated tokens into an ordered list of name and value pairs.
Switch to Set-Cookie mode and it separates the cookie itself from its attributes — Path, Domain, Expires, Max-Age, Secure, HttpOnly, SameSite and any others — showing flag attributes distinctly from keyed ones.
Cookie headers are awkward to read at a glance, especially a long Cookie line packed with session tokens or a Set-Cookie string trailing a dozen attributes.
This parser handles the fiddly parts correctly: values that themselves contain an equals sign are kept whole, surrounding whitespace is trimmed, empty segments are skipped, and attribute names are normalised to their canonical casing so Secure, secure and SECURE all read the same.
Unknown attributes are preserved exactly as written rather than dropped.
It is the tool to reach for when debugging authentication, checking that a cookie is correctly marked Secure and HttpOnly, or confirming a SameSite policy from a server response or browser dev-tools copy.
Because parsing happens entirely in your browser, you can safely inspect headers that contain real session identifiers — nothing is uploaded, logged or sent anywhere.
FAQ
What is the difference between the two modes?
A Cookie request header carries many name=value pairs at once, so it parses to a list. A Set-Cookie response header defines one cookie plus attributes, so it parses to a single cookie with its settings.
Are values with equals signs handled correctly?
Yes. Only the first equals sign splits name from value, so base64 or token values that contain extra equals signs are kept intact.