HTTP Cookie Builder

Flags

Set-Cookie Header
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
JavaScript
document.cookie = "session=abc123; path=/; secure; samesite=Lax";

What This Tool Does

HTTP Cookie Builder is built for deterministic developer and agent workflows.

Build and validate Set-Cookie headers interactively. Configure all cookie attributes — Secure, HttpOnly, SameSite, Path, Domain, Expires, Max-Age, Partitioned — and copy the ready-to-use header or JavaScript snippet.

Use How to Use for execution steps and FAQ for constraints, policies, and edge cases.

Last updated:

This tool is provided as-is for convenience. Output should be verified before use in any production or critical context.

Agent Invocation

Best Path For Builders

Dedicated API endpoint

Deterministic outputs, machine-safe contracts, and production-ready examples.

Dedicated API

https://aidevhub.io/api/http-cookie-builder/

OpenAPI: https://aidevhub.io/api/openapi.yaml

GET /api/http-cookie-builder/ GET http-cookie-builder
POST /api/http-cookie-builder/ POST http-cookie-builder

Unified Runtime API

https://aidevhub.io/api/tools/run/?toolId=http-cookie-builder&a=...

GET and POST are supported at /api/tools/run/ with identical validation and limits.

Limit: req / s, input max 512 KB.

Frequently Asked Questions

What is HTTP Cookie Builder?
HTTP Cookie Builder is a free online tool for constructing Set-Cookie headers interactively. Configure all standard attributes — Secure, HttpOnly, SameSite, Path, Domain, Expires, Max-Age, and Partitioned — and copy the resulting header or JavaScript snippet.
How do I use HTTP Cookie Builder?
Fill in the cookie name and value, configure optional attributes like Path, Domain, and Expires, then toggle flags such as Secure, HttpOnly, and SameSite. The Set-Cookie header and JavaScript snippet update instantly. Click Copy to grab either output.
Is HTTP Cookie Builder free?
Yes. Completely free with no sign-up required.
What does SameSite=None require?
Cookies with SameSite=None must also have the Secure flag set. The tool will warn you if this combination is missing, because browsers will reject cookies that violate this requirement.
What is the Partitioned attribute?
The Partitioned attribute (CHIPS — Cookies Having Independent Partitioned State) is a newer mechanism for third-party cookies that isolates the cookie jar per top-level site, improving privacy. It requires the Secure flag.