HTTP Cookie Builder & Parser
Construct or decode Set-Cookie headers with SameSite, Secure, HttpOnly, and prefix validation.
Set-Cookie header
Set-Cookie: session=abc123; Path=/; Max-Age=86400; Secure; HttpOnly; SameSite=Lax</>Use this tool programmaticallycurl · JavaScript · MCP
Same tool, callable from any HTTP client or from Claude (via MCP). Anonymous: 100 req/day per IP. Sign up for 1,000 req/day.
curl
curl https://api.b-e-a-d.com/tools/cookie-builder/run \
-H "Content-Type: application/json" \
-d '{
"action": "build",
"name": "example",
"value": "a",
"path": "/",
"secure": false,
"httpOnly": false
}'JavaScript (fetch)
const res = await fetch("https://api.b-e-a-d.com/tools/cookie-builder/run", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
"action": "build",
"name": "example",
"value": "a",
"path": "/",
"secure": false,
"httpOnly": false
}),
});
const data = await res.json();
console.log(data.result);MCP (Claude Desktop / Claude Code)
# In Claude Desktop / Claude Code, add to your MCP config:
{
"mcpServers": {
"bead": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://mcp.b-e-a-d.com"]
}
}
}
# Then ask Claude to call:
mcp__bead__bead_cookie_builderFull reference: developer docs · OpenAPI spec
SameSite
Lax is sent on top-level navigations only — the modern default.Strict never crosses sites, even via clicks from another origin. None allows cross-site sends but requires Secure.
Host- and Secure- prefixes
A cookie named __Host-id must set Secure, no Domain, and Path=/ — browsers reject it otherwise. __Secure- just requires Secure. Both are belt-and-braces against subdomain takeover.
You might also like
- HTTP Message ParserParse a header block, raw request, or raw response into structured JSON with smart Set-Cookie / Cache-Control / Content-Type breakdowns.
- Cache-Control Header BuilderBuild HTTP Cache-Control headers with presets for static assets, APIs, and private responses.
- HTTP Status Code ReferenceSearchable reference of every HTTP status code with descriptions and category.
- Color Picker & Contrast CheckerPick colors, convert between HEX/RGB/HSL, and check WCAG contrast.