Parse raw Set-Cookie headers or Cookie strings. Inspect security flags, expiration, domain/path scope, and get a risk assessment for each cookie.
Analyze browser cookies for security flags: Secure, HttpOnly, SameSite. Identify session cookies missing critical protections.
Secure to all cookies → Web AuditorHttpOnly on all session cookies → CSP EvaluatorSameSite=Lax minimum; Strict for sensitive sessions