Question 1

What is a Cookie header?

Accepted Answer

The Cookie request header contains stored HTTP cookies sent by the browser to the server. It contains semicolon-separated name=value pairs. Example: session=abc123; theme=dark; user_id=42

Question 2

What is Set-Cookie?

Accepted Answer

Set-Cookie is a response header used by servers to send cookies to the browser. It includes attributes like Expires, Max-Age, Domain, Path, Secure, HttpOnly, and SameSite that control cookie behavior.

Question 3

What does HttpOnly mean?

Accepted Answer

HttpOnly cookies cannot be accessed by JavaScript (document.cookie). They are only sent in HTTP requests. This prevents cross-site scripting (XSS) attacks from stealing session cookies.

Question 4

What does SameSite do?

Accepted Answer

SameSite controls cross-origin cookie sending. Strict: only same-site requests. Lax: same-site + top-level navigations. None: all cross-origin requests (requires Secure). SameSite=Lax is the modern browser default.

Question 5

How do I get the Cookie header value?

Accepted Answer

In Chrome DevTools: open Network tab, click a request, find Cookie in the Request Headers section. Copy the full value after 'Cookie:'. You can also use document.cookie in the browser console to get the cookie string for the current page.

Question 6

How do I decode browser cookies?

Accepted Answer

Paste your Cookie header string (from browser DevTools → Network tab → Request Headers) into the decoder above. The tool parses all key=value pairs, URL-decodes values, and displays them in a readable table. If a cookie value looks like a JWT (starts with eyJ), try DevDecode's JWT Decoder to inspect the session claims.

Question 7

What is a session cookie vs a persistent cookie?

Accepted Answer

Session cookies have no Max-Age or Expires attribute — they're deleted when the browser closes. Persistent cookies have an expiry date and survive browser restarts. Secure cookies are only sent over HTTPS. HttpOnly cookies can't be read by JavaScript, protecting against XSS. Decode your cookies above to inspect all attributes.

Cookie Decoder — Free Online HTTP Cookie Parser

Frequently Asked Questions

HTTP Cookie Headers Explained

Related Tools

JWT Decoder

SAML Decoder

URL Encoder/Decoder

Base64 Decoder