Cookie Jar — Cookie Finder & Classifier
Discover cookies on a page, estimate durations, and auto-classify by vendor & category. Export CSV for your cookie policy and CMP.
Analyze cookies
Note: Cookie Jar is designed for website owners and developers. Browsers do not expose cross-site Set-Cookie headers for privacy reasons, so full results require using Paste Set-Cookie headers copied from your Network tab.
Choose a mode. Browser security (CORS) may block third-party header access — if so, use Paste Set-Cookie headers.
A) Scan this page
Reads document.cookie from this tool’s origin (best when embedded on your site).
Login required for authorised URL scanning.
C) Paste Set-Cookie headers
Paste raw response headers (e.g., from your browser’s Network tab or cURL). One header per line.
Results
| Name | Value length | Domain | Path | Expires | Duration | SameSite | Secure | HttpOnly | Source | Vendor | Category |
|---|
Tip: Duration is derived from Max-Age or Expires when present; session cookies have no explicit expiry.
Vendor & Category Pattern Editor
Patterns (regex) match cookie names to infer vendor and category. First match wins. Changes persist to your browser.
| Regex pattern (cookie name) | Vendor | Category | Remove |
|---|
Examples: ^_ga, ^_gid$, _fbp, ^_hj. (No slashes; case-insensitive.)
Cookie Jar FAQs
Why doesn’t Fetch detect third-party cookies?
Browsers block cross-origin response headers via CORS. Use “Paste Set-Cookie headers” copied from your devtools Network tab, server logs, or cURL. You can also host Cookie Jar on the same origin you’re testing and use “Scan this page”.
How accurate are vendor/category labels?
They’re pattern-based heuristics. You can refine them in the editor and export/import JSON for team use. For compliance, always review before publishing.
What about localStorage or pixels?
Cookie Jar focuses on HTTP cookies. For full coverage, complement this with tag audits (script/iframe inventory) and network request analysis.