Reports & Analysis
The Report view audits every cookie on the site in one place: a health score, a list of severity-ranked findings with concrete fixes, and supporting breakdowns for coverage, scope, expiry, and size. Save a snapshot and Cookie Lens tracks how the score moves over time.
The Health Score
Cookie Lens scores the site's cookies out of 100. Each finding carries a severity — High, Medium, Low, or Info — and weightier, more common problems pull the score down more. A higher score means fewer and less severe issues.
Findings
Findings span security, privacy, and hygiene. Representative checks:
Security
- Sensitive cookie missing
HttpOnly— a session/auth cookie readable by JavaScript (XSS exposure). SameSite=NonewithoutSecure— a cross-site cookie sent insecurely.- Prefix violation — a
__Secure-or__Host-name that doesn't meet the prefix's requirements. alg:noneJWT — an unsigned token accepted as-is.- Weak or unspecified
SameSite— consider setting Lax or Strict explicitly.
Privacy
- Third-party cookies — set by a domain other than the site.
- Tracking id / PII — values that look like tracking identifiers or personal data.
- Unpartitioned cross-site cookies — cookies that could be read across sites.
Hygiene & size
- Over 4096 bytes — larger than the per-cookie limit; the browser rejects it.
- Domain carrying too many / too-large cookies — approaching per-domain limits.
- Duplicate names, expired, and very long-lived cookies.
Supporting Breakdowns
Beyond the findings list, the Report shows:
- Coverage — what share of cookies set Secure, HttpOnly, and an explicit SameSite.
- Scope — first-party vs third-party counts.
- Expiry distribution — session vs persistent, bucketed by lifetime.
- Per-domain size — total bytes and count per domain, against browser limits.
Trends Over Time
Save a Report snapshot, make changes, and re-open the Report: it compares against the last snapshot and shows which findings appeared or cleared and how the score moved — useful for tracking a hardening effort or catching a regression.
How to Improve a Score
- Start with High-severity findings — they hurt the most and usually matter the most.
- Click a finding to see the affected cookie and the recommended fix.
- Edit the cookie to apply the fix (enable
HttpOnly, addSecure, tightenSameSite, shrink an oversized value). See Editing Cookies. - Freeze a cookie you've just hardened if the server keeps reverting it, so the fix holds while you verify. See Freezing Cookies.
- Re-open the Report to confirm the finding cleared and the score rose.
See Also
- Inspecting Cookies — understanding attributes.
- Editing Cookies — fixing issues the Report finds.
- Freezing Cookies — holding a hardened value in place.