Skip to main content
Version: 1.0.1

Cookie Lens

Cookie Lens treats cookies like a first-class debugging surface. It ships as a popup for a quick look and a DevTools panel for real work — a dense, sortable table where every cookie is structured data you can read, decode, edit, freeze, and audit. Privacy-first: host access is requested per site, only when you ask, and no value ever leaves your machine.

Why not the built-in Application tab?

Chrome's Application tab shows cookies as flat key-value strings — fine for a glance, painful for real debugging. Cookie Lens goes further:

  • It decodes JWT, JSON, Base64 and delimited values into an editable table, so you read what's actually inside a cookie instead of an opaque blob.
  • Its search matches the decoded value too — find a cookie by a claim buried inside a JWT, with a chip that explains the match.
  • Freeze pins a value so a background enforcer reverts any page or server change — no more chasing a cookie a script keeps resetting.

Decode any value

Auto-detects JWT, JSON, Base64 and delimited key/value cookies into an editable table that serializes back.

Smart search

Matches raw and decoded forms; a via JWT / base64 / URL chip explains an otherwise-invisible match.

Freeze

Pin a value and a background enforcer instantly reverts any page or server change — or deletion.

Profiles

Save named cookie sets and switch between logged-in, guest or admin scenarios in one click.

Activity feed

A live network tab for cookies: set / update / delete / expire events with value diffs.

Diff

Snapshot the cookie jar, run a flow, and compare exactly what was added, removed or changed.

Report

Scores every cookie and lists severity-ranked findings across security, privacy, hygiene and size — with fixes.

Value masking

Hide sensitive values while you screen-share or record, without changing the underlying cookies.

Incognito

Works against the separate incognito cookie jar; dead snapshots are purged automatically.

Import & export

Move cookies as CSV or JSON — formula-injection guards, size caps, per-cookie failure reporting, and a foreign-domain warning on import.

Copy

Copy a cookie or the whole set as a cURL command, fetch() call, Cookie header, or Playwright storageState.

Set by Request

See which network request set or updated each cookie — its method, URL, status and Set-Cookie headers.

Who is it for?

  • Frontend engineers debugging session, auth, and consent behavior.
  • QA engineers testing cookie-dependent features across user states.
  • Backend engineers verifying server-set cookies, flags, and expiry.
  • Web platform & security teams auditing security, privacy, and size.

Privacy-first by design

All processing happens locally in your browser. Cookie Lens never sends cookie values anywhere, includes no analytics or telemetry, and loads no third-party scripts. Freeze and Profiles do persist cookie values in local extension storage — they must, to restore them — but nothing is transmitted off-device. See the Privacy Policy for the full breakdown.

Quick start

  1. Install Cookie Lens from the Chrome Web Store.
  2. Open the popup from the toolbar for the current tab, or press F12 / Cmd+Option+I and open the Cookie Lens panel in DevTools.
  3. Grant host access for the site when prompted (per-site, from your click).
  4. Browse, search, decode, and edit cookies — then explore the Report, Activity, Diff, Profiles, and Frozen views along the top.

Next steps