HTTP Cookie Parser & Generator

Paste a Set-Cookie header (or a multi-line stack of them) and see every attribute broken out. Or paste a document.cookie string to extract the name / value pairs the browser is currently exposing. The Generator tab builds a Set-Cookie from a form and lints for the RFC 6265 mistakes that cause the browser to silently drop a cookie: SameSite=None without Secure, __Host- with Path/, non-integer Max-Age, and more. Pure client-side, no upload.

One Set-Cookie header per line, or a single document.cookie string.
Cookies
Paste a Set-Cookie header to begin.
How the parser works
  • Tokenisation. Input is split on ; with surrounding whitespace trimmed. The first segment is the name=value pair; subsequent segments are attributes.
  • Quoted values. If the value is wrapped in "" the quotes are stripped for storage but preserved when re-emitted (since the wire format requires them).
  • Attribute canonicalisation. Names are matched case-insensitively against the seven known attributes (Expires, Max-Age, Domain, Path, Secure, HttpOnly, SameSite) and stored under their canonical case. SameSite values are normalised to title case.
  • document.cookie parsing uses the browser's contract: values are percent-decoded, attributes are not preserved (the browser keeps them internally and exposes only the names / values).
  • Generator order. Re-emitted Set-Cookie attributes follow the spec-friendly order: Expires, Max-Age, Domain, Path, Secure, HttpOnly, SameSite, then any unknown attributes alphabetically.
  • Nothing leaves the browser. The tool runs entirely on a small script; the headers you paste never get uploaded.