格式为'name=value; attr1=val1'。多cookie(s)用分号分隔。常见属性:Domain、Path、Expires、Max-Age、HttpOnly、Secure、SameSite。
可能经过URL编码(%20=空格)。勾选「URL Decode」可还原。特殊编码(Base64)不会自动解码。
HttpOnly: JS cannot access the cookie. Secure: sent over HTTPS only. Both are critical security flags.
Controls cross-site cookie sending: Strict=same-site only, Lax=partial cross-site, None=all cross-site (requires Secure). Used for CSRF protection.