Scan website cookies for HttpOnly, Secure, SameSite flags and security issues.
Cookie security analysis checks whether your website sets cookies with proper security flags: HttpOnly (prevents JavaScript access), Secure (HTTPS-only transmission), and SameSite (CSRF protection). Missing flags expose users to session hijacking, CSRF attacks, and cross-site tracking. This tool scans all Set-Cookie headers and grades each cookie individually.
Cookies should set HttpOnly (JavaScript-inaccessible, prevents cookie theft through XSS), Secure (HTTPS-only), SameSite=Lax or Strict (CSRF protection), and a proper Expires/Max-Age. For auth cookies, use the __Host- or __Secure- prefix. The tool audits all cookies and flags unsafe ones.