Cookie Parser
Parse a Cookie request header or a Set-Cookie response header into a clean, readable list of names, values, and attributes — right in your browser.
ToolsSoup's Cookie Parser is a free online tool that turns a raw HTTP cookie string into a clean, readable breakdown. Paste a Cookie request header (name=value; name=value …), a Set-Cookie response header with its attributes (Domain, Path, Expires, Max-Age, Secure, HttpOnly, SameSite), or the value of document.cookie, and instantly see every cookie name, value, and attribute laid out clearly. Values can be URL-decoded automatically, and everything runs locally in your browser — nothing is uploaded to a server.
What is a cookie parser?
A cookie parser reads the textual cookie syntax used by HTTP and the browser's document.cookie API and splits it into its individual pieces. In a Cookie request header, cookies are simply a list of name=value pairs separated by semicolons, so the parser lists each pair. In a Set-Cookie response header, the first name=value pair is the cookie itself and everything after it is an attribute (Domain, Path, Expires, Max-Age, SameSite, plus flags like Secure and HttpOnly), so the parser separates the cookie from its attributes. It is a pure text tool: it does not read the cookies stored in your browser or contact any server.
How to parse a cookie string
Reading a cookie header takes only a moment:
- Paste your Cookie or Set-Cookie string into the input box.
- Choose whether to parse it as a Cookie request header (multiple cookies) or a Set-Cookie response header (one cookie plus attributes), and toggle URL-decoding if your values are percent-encoded.
- Click Parse to see each cookie name, value, and attribute, then copy the readable result.
Cookie header vs. Set-Cookie header
These two headers look similar but mean different things. The Cookie header is sent by the browser to the server and contains only name=value pairs — no attributes. The Set-Cookie header is sent by the server to the browser to create or update a single cookie, and it carries the attributes that control the cookie's lifetime, scope, and security (Expires/Max-Age for lifetime, Domain/Path for scope, and Secure/HttpOnly/SameSite for security). Pick the matching mode so the parser interprets the trailing fields correctly.
Why use this cookie parser?
- Handles both Cookie request headers (many cookies) and Set-Cookie response headers (one cookie plus attributes).
- Cleanly separates cookie name, value, and each attribute so long headers are easy to read.
- Optionally URL-decodes percent-encoded cookie values for you.
- Recognizes standard attributes like Domain, Path, Expires, Max-Age, SameSite, Secure, and HttpOnly.
- Runs 100% in your browser, so sensitive session cookies never leave your device.
Frequently asked questions
What's the difference between the two parse modes?
Cookie header (request) mode treats the whole string as a list of name=value pairs separated by semicolons and lists every cookie. Set-Cookie header (response) mode treats only the first pair as the cookie and everything after it as attributes such as Domain, Path, Expires, Max-Age, SameSite, Secure, and HttpOnly.
Can it read the cookies on a website?
No. This is a text parser, not a browser-storage reader. It only parses the cookie string you paste in. To see a real document.cookie value, copy it from your browser's developer console and paste it here.
What does URL-decode values do?
Cookie values are often percent-encoded (for example %20 for a space or %3D for an equals sign). With URL-decode values on, the parser runs decodeURIComponent on each value so you see the readable text. Turn it off to inspect the raw, encoded value exactly as transmitted.
Is my cookie data uploaded anywhere?
No. All parsing happens locally in your browser with JavaScript. Your cookie string and the parsed result never leave your device, so it is safe to paste session or authentication cookies.