Secure Cookie Test

Test HTTPOnly and Secure flag in Cookie response headers

Checking for the secure cookie...

Tested from     on  

Great! HTTPOnly and Secure cookie flag were found in the HTTP response headers as highlight below.

HTTPOnly cookie found as highlighted below. You may also consider implementing a Secure flag.

Secure cookie found as highlight below. You may also consider implementing HTTPOnly flag.

Couldn’t find the HTTPOnly or Secure cookie flag in the response headers.

Header Value



About Secure Cookie Test

Your website sends cookies to the browser. Good! But are they secure?

A simple implementation like injecting HTTPOnly and Secure in Set-Cookie header can prevent web vulnerabilities such as cross-site scripting (XSS).

Geekflare Secure Cookie Test checks the HTTP response headers for Set-Cookie.

If you need help with the implementation, then check out the following guide.

Hand-picked best resources to supercharge
your Website and Business

Explore Collections

More tools for your Website

Ping Test

Check if your site or IP can respond to ping globally

Test Now

Traceroute Test

Traceroute your IP or site to find network related issue

Test Now

TLS 1.3 Test

Test supported TLS version on the site

Test Now

TLS Scanner

Check the supported protocol, server preferences, certificate details, common vulnerabilities and more

Test Now


Check if DNS Security Extensions is enabled on your domain

Test Now

TCP Port Scanner

Quickly find out what ports are open on public Internet-facing IP or website

Test Now

Latest Articles