
Cookie Security Analyzer

Scan website cookies for HttpOnly, Secure, SameSite flags and security issues.

TL;DR:

Cookies Analyzer shows every cookie set by the site along with its Secure/HttpOnly/SameSite flags, expiry, domain, and path. It flags tracking cookies (GA, Yandex Metrika, Facebook Pixel) and security gaps (session cookie without HttpOnly).


What is Cookie Security Analysis?

Cookie security analysis checks whether your website sets cookies with proper security flags: HttpOnly (prevents JavaScript access), Secure (HTTPS-only transmission), and SameSite (CSRF protection). Missing flags expose users to session hijacking, CSRF attacks, and cross-site tracking. This tool scans all Set-Cookie headers and grades each cookie individually.


Frequently Asked Questions

Which cookie flags are mandatory in 2026?

The flags to set are HttpOnly (the cookie is inaccessible to JavaScript, which prevents theft via XSS), Secure (sent over HTTPS only), SameSite=Lax or Strict (CSRF protection), and a proper Expires/Max-Age. For auth cookies, use the __Host- or __Secure- prefix. The tool audits all cookies and flags unsafe ones.
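The per-cookie checks described above can be sketched as follows. This is an added example, not the tool's own code: the function names, finding strings and sample headers are constructed for illustration, and it covers the HttpOnly, Secure, SameSite and prefix checks only. The prefix rules are the ones browsers enforce (`__Secure-` requires Secure; `__Host-` also requires Path=/ and no Domain).

```python
# Added example: audit raw Set-Cookie header values (not the analyzer's code).

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes with lowercase keys)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header):
    """Return a list of findings for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if "secure" not in attrs:
        findings.append("missing Secure")
    samesite = attrs.get("samesite", "").lower()
    if samesite == "none":
        findings.append("SameSite=None")  # cookie is sent on cross-site requests
    elif samesite not in ("lax", "strict"):
        findings.append("missing or invalid SameSite")
    # Browsers refuse a prefixed cookie that does not meet the prefix rules,
    # so a violation here means the cookie is silently never stored.
    if name.lower().startswith("__host-"):
        if "domain" in attrs:
            findings.append("__Host- prefix with Domain attribute")
        if attrs.get("path") != "/":
            findings.append("__Host- prefix without Path=/")
    return findings


# Constructed sample headers (not captured from a real site).
SAMPLE_HEADERS = [
    "__Host-session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "sessionid=abc123; Path=/",
    "__Host-auth=xyz; Domain=example.com; Path=/app; Secure; HttpOnly; SameSite=Strict",
    "_ga=GA1.2.1; Path=/; Secure; SameSite=None",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, _ = parse_set_cookie(header)
        print(name, "->", audit_cookie(header) or "ok")
```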
