Cookie Analyzer — Check Secure, HttpOnly & SameSite Flags

Analyze cookies for Secure, HttpOnly, and SameSite flags

Frequently Asked Questions

What are Secure, HttpOnly, and SameSite flags?

Secure restricts a cookie to HTTPS connections, so it is never sent in plaintext. HttpOnly hides the cookie from JavaScript (document.cookie), limiting what an XSS payload can read. SameSite controls whether the browser attaches the cookie to cross-site requests, which mitigates CSRF.

Why are cookie flags important?

Missing cookie flags are a common security weakness. Without Secure, a cookie can be intercepted whenever the browser sends it over plain HTTP. Without HttpOnly, a script injected into the page can read and exfiltrate session tokens.

What is a good cookie configuration?

All authentication cookies should have Secure, HttpOnly, and SameSite=Lax (or Strict) flags. Session cookies should also have a reasonable expiry time.
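As an added example (not the Cookie Analyzer's own code), the following Python checker applies the three flag rules and the expiry rule described above to raw Set-Cookie header values; the 30-day Max-Age threshold and the sample headers are assumptions, not values from this page.

```python
from typing import Dict, List

# Assumed policy threshold (not from the page): flag cookies living > 30 days.
MAX_AGE_LIMIT = 30 * 24 * 3600


def parse_set_cookie(header: str) -> Dict[str, str]:
    """Split a Set-Cookie value into name/value plus lower-cased attribute flags."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip()}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        if key.strip():
            # Valueless flags such as Secure and HttpOnly map to an empty string.
            cookie[key.strip().lower()] = val.strip()
    return cookie


def analyze_cookie(header: str) -> List[str]:
    """Return findings for one Set-Cookie header; an empty list means OK."""
    c = parse_set_cookie(header)
    findings: List[str] = []
    if "secure" not in c:
        findings.append("missing Secure: cookie can be sent over plain HTTP")
    if "httponly" not in c:
        findings.append("missing HttpOnly: cookie is readable via document.cookie")
    samesite = c.get("samesite", "").lower()
    if not samesite:
        # Default handling of an absent SameSite differs between browsers.
        findings.append("missing SameSite: set Lax or Strict explicitly")
    elif samesite == "none":
        findings.append("SameSite=None: cookie is attached to cross-site requests")
        if "secure" not in c:
            findings.append("SameSite=None without Secure: modern browsers reject it")
    elif samesite not in ("lax", "strict"):
        findings.append(f"unrecognised SameSite value {samesite!r}")
    max_age = c.get("max-age")
    if max_age is not None:
        if not max_age.lstrip("-").isdigit() or int(max_age) > MAX_AGE_LIMIT:
            findings.append("Max-Age is invalid or exceeds the assumed 30-day limit")
    elif "expires" not in c:
        findings.append("no Max-Age/Expires: cookie lives until the browser closes")
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not captured from any real site.
    for h in ("sid=abc; Secure; HttpOnly; SameSite=Lax; Max-Age=3600", "token=xyz; Path=/"):
        print(parse_set_cookie(h)["name"], "->", analyze_cookie(h) or ["OK"])
```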

For authorized, legal, and ethical security testing only. Scans are rate-limited to 3 per day on the free tier.