Tool inputs are processed in your browser. We don't log or transmit what you paste.
privategram

Cookie Lookup

Identify what any browser cookie does — purpose, vendor, category, retention. Powered by the Open Cookie Database. Loads lazily, fully client-side.

Type the cookie name as it appears in your browser's DevTools → Application → Cookies. Case-insensitive.

Data: Open Cookie Database by Jasper Kwakman, licensed CC-BY 4.0. Lazy-loaded on first lookup. Inline patterns are a small instant-on subset for the most common analytics/ad/CDN cookies.

About this tool

You're staring at a cookie called OSID in DevTools and have no idea what it does. Or your privacy policy needs a "cookies we set" section and you want to know what each one is actually for before describing it. Or you're auditing a competitor's site and need to identify their tracking stack from the cookie names alone. This tool answers all three: paste the cookie name, get the purpose, vendor, retention, and category.

Two-tier matching. The page bundles a small set of inline patterns (_ga, _fbp, __cf_bm, IDE, etc.) so the most common cookies return a result the moment you start typing — no fetch needed. The full Open Cookie Database is lazy-loaded on first lookup (~120 KB gzipped, cached for the session), giving you authoritative data on ~2,200 known cookies plus ~260 wildcard patterns.

Wildcard handling. Many cookies have dynamic suffixes — _ga_ABC123, _gid, __hstc_42. The database includes both exact-name entries and wildcard prefix entries. When you type a cookie name, we try exact match first, then fall through to the longest matching wildcard prefix.

Categories follow the standard browser-extension taxonomy: Analytics (page view counting and behavior tracking), Advertising (ad targeting and frequency capping), Functional (login state, language preferences, shopping carts), Security (CSRF tokens, bot detection, rate limiting), Marketing (remarketing audiences, lead tracking), and Preferences (UI customization). The same cookie name occasionally appears under multiple vendors — when that happens, all matching entries are shown.

What this tool can't do. It can't tell you whether a specific cookie on a specific site is being used the way the database describes — vendors do sometimes use generic names for non-standard purposes, and database entries reflect the typical use, not every possible deployment. It can't identify session-specific UUIDs that aren't in any public database. It can't audit your own site's cookies for compliance — for that, run a real cookie scanner like CookiePro, Cookiebot, or Cookieyes. This tool is a fast lookup, not a compliance audit.

Privacy. The cookie name you type stays in your browser. The lookup queries the local JSON file fetched once at tool load — no per-query network roundtrip, no logging of what you searched. Open DevTools → Network and confirm: typing fires no requests; only the initial DB fetch happens, exactly once per session.

Frequently asked questions

Where does the cookie data come from?

The Open Cookie Database, a CC-BY 4.0 community-maintained dataset of ~2,200 known cookies and ~260 wildcard patterns covering analytics, advertising, functional, and security categories. Maintained by Jasper Kwakman and contributors at github.com/jkwakman/Open-Cookie-Database. Licensed CC-BY 4.0; we redistribute with attribution.

Why does the lookup feel instant for some cookies and slower for others?

A small subset of the most common cookies (Google Analytics _ga, Cloudflare __cf_bm, Facebook _fbp, etc.) is bundled inline in the page so it returns a result on the first keystroke. The full database is fetched lazily on first input — once it arrives, exact matches and wildcard prefix matches both work. The lazy fetch is cached for the rest of the session.

Why is the cookie name I pasted not in the database?

Three common reasons. First, it might be a session-specific UUID (random IDs assigned per visit) — those don't live in any public database. Second, it might be from a small or regional vendor that hasn't been catalogued. Third, the cookie name might include a number suffix (like _ga_ABC123) — try the prefix only (_ga_ matches as a wildcard).

Are first-party and third-party cookies treated differently?

The database doesn't directly classify by 1st/3rd party — that depends on the site setting the cookie, not the cookie name itself. The "Domain" field tells you who owns the domain that originally registered the cookie name; the "Vendor" tells you the platform / SDK that typically sets it. To know if a specific cookie on a site is 1st or 3rd party, check the cookie's actual Domain attribute in DevTools.

How current is the data?

The Open Cookie Database is community-updated periodically. We pinned a snapshot to keep page loads cacheable. For current data on niche or regional cookies, the upstream cookiedatabase.org search is more authoritative.

Why not just use the upstream search?

The upstream is a server-side search that requires a network round-trip per query. Our snapshot is one ~120 KB gz fetch, after which all lookups are instant and offline. Plus the inline patterns mean common cookies match even before the snapshot loads. It's the same data, in a faster shape.

Related tools