Skip to content

Cookie Security Analyzer

Scan website cookies for HttpOnly, Secure, SameSite flags and security issues.

TL;DR:

Cookies Analyzer shows every cookie set by the site with Secure/HttpOnly/SameSite flags, expiry, domain, path. Flags tracking cookies (GA, Yandex Metrika, Facebook Pixel) and security gaps (session cookie without HttpOnly).

Embed this cookie security badge on your site live grade from enterno.io · auto-updates
Sample badge for example domain
<a href="https://enterno.io/cookie?url=<DOMAIN>"><img src="https://enterno.io/api/badge-domain.php?domain=<DOMAIN>&type=cookie&powered=1" alt="cookie security grade by enterno.io"></a>
[![cookie security grade](https://enterno.io/api/badge-domain.php?domain=<DOMAIN>&type=cookie&powered=1)](https://enterno.io/cookie?url=<DOMAIN>)

Updates automatically every hour. <DOMAIN> substituted with the URL you just checked once the result loads.

Save & track URLs you check Free account · 24/7 checks · alerts via Telegram, email, Slack — sign up to monitor any URL you test here.
Free Sign Up

What is Cookie Security Analysis?

Cookie security analysis checks whether your website sets cookies with proper security flags: HttpOnly (prevents JavaScript access), Secure (HTTPS-only transmission), and SameSite (CSRF protection). Missing flags expose users to session hijacking, CSRF attacks, and cross-site tracking. This tool scans all Set-Cookie headers and grades each cookie individually.

Frequently Asked Questions

Which cookie flags are mandatory in 2026?

HttpOnly (JavaScript-inaccessible, prevents XSS theft), Secure (HTTPS-only), SameSite=Lax or Strict (CSRF protection), proper Expires/Max-Age. For auth cookies use __Host- or __Secure- prefix. The tool audits all cookies and flags unsafe ones.

Related guides

Longer-form reading on this topic from the knowledge base.

Automate this check

Set up continuous monitoring and get an alert when something breaks. No manual runs to remember.