User Rating 0.0
Total Usage 0 times
Drop cookies.txt here or click to browse
Is this tool helpful?

Your feedback helps us improve.

About

The Netscape cookie file format (commonly cookies.txt) remains the de facto interchange standard for HTTP cookie data across tools like curl, wget, and browser extensions. Each record contains 7 tab-delimited fields: domain, subdomain flag, path, secure flag, expiration epoch, name, and value. Misinterpreting field order or treating the boolean TRUE/FALSE flags as strings instead of proper booleans produces malformed data that silently breaks automation pipelines, API replay sessions, and scraping workflows. This converter parses each line with strict field validation, converts Unix epoch timestamps to ISO 8601 date strings, and outputs a clean JSON array ready for programmatic consumption.

The tool handles comment lines (prefixed with #), the optional #HttpOnly_ prefix that Chromium-based browsers prepend to httpOnly cookies, and blank lines. It does not guess or autocorrect malformed rows. If a line has fewer than 7 fields, it is flagged as an error with its line number. Pro tip: some export extensions insert a header comment block - this converter skips those automatically, but verify your expiration values are in seconds (not milliseconds) since Unix epoch.

netscape cookies cookies.txt json converter cookie converter http cookies cookie format browser cookies

Formulas

Each valid line in the Netscape format follows this tab-separated structure:

domain flag path secure expiration name value

The epoch-to-date conversion applies the standard transformation:

date = new Date(epoch × 1000)

Where epoch is the integer from field 5 and the multiplication by 1000 converts seconds to milliseconds as required by JavaScript's Date constructor.

The HttpOnly detection rule applies when a line starts with the literal prefix #HttpOnly_. The domain is extracted as:

domain = slice(line, 10)

Where 10 is the character length of #HttpOnly_.

Boolean mapping: TRUE true, FALSE false. Any other value flags the line as malformed.

Where domain = cookie domain string, flag = subdomain inclusion boolean, path = URL path scope, secure = HTTPS-only boolean, expiration = Unix epoch in seconds, name = cookie key, value = cookie data.

Reference Data

Field PositionField NameTypeExample ValueJSON KeyDescription
1Domainstring.example.comdomainCookie domain. Leading dot indicates subdomain inclusion.
2Include SubdomainsbooleanTRUEincludeSubdomainsWhether all subdomains can access this cookie.
3Pathstring/pathURL path the cookie applies to.
4SecurebooleanFALSEsecureIf TRUE, cookie sent only over HTTPS.
5Expirationinteger1735689600expirationUnix epoch timestamp in seconds. 0 means session cookie.
6Namestringsession_idnameThe cookie name (key).
7Valuestringabc123xyzvalueThe cookie value. May contain URL-encoded characters.
Common Netscape Cookie File Headers & Flags
- Comment Lineprefix# Netscape HTTP Cookie File - Lines starting with # are ignored during parsing.
- HttpOnly Prefixprefix#HttpOnly_.example.comhttpOnly: trueChromium extension adds this prefix. Domain extracted after prefix.
- Session Cookieepoch0expirationDate: nullExpiration of 0 indicates cookie expires when browser session ends.
JSON Output Format Options
- Flat Arrayformat[{...}, {...}] - Standard array of cookie objects. Most compatible.
- Grouped by Domainformat{"domain": [...]} - Cookies grouped under their domain key for easier lookup.
Epoch Timestamp References
- Unix Epoch Startdate0 - January 1, 1970 00:00:00 UTC
- Year 2038 Problemdate2147483647 - Max 32-bit signed integer. Some systems overflow after this.
- Common "Forever" Valuedate9999999999 - Often used as "never expires". Equals Nov 20, 2286.
- Millisecond Confusiontrap1735689600000 - If epoch > 9999999999, likely milliseconds. Divide by 1000.

Frequently Asked Questions

The converter flags lines with a field count other than 7 as malformed and reports the exact line number in the error summary. These lines are excluded from the JSON output. Common causes include spaces used instead of tabs, or cookie values containing unescaped tab characters.
Lines starting with #HttpOnly_ are not treated as comments. The prefix is stripped, the remaining content after the underscore becomes the domain field, and an additional httpOnly: true property is added to the resulting JSON object for that cookie. This matches the behavior of browser DevTools exports.
Some tools set cookie expiration to extremely large epoch values like 9999999999 (November 20, 2286) to represent "never expires." The converter faithfully translates the epoch - it does not clamp or modify expiration values. If you see dates past the year 2100, the original export likely used a max-lifetime sentinel value.
Yes, the Netscape cookie format is standardized across browsers and tools. Firefox, Chrome (via extensions), curl, and wget all produce the same 7-field tab-separated structure. The only browser-specific variation is the #HttpOnly_ prefix (Chromium), which this tool explicitly supports.
When the expiration field equals 0, the JSON output sets expirationDate to null and includes a session: true flag. This distinguishes session cookies from persistent cookies in the output, making downstream filtering straightforward.
This tool performs one-directional conversion: Netscape to JSON. The reverse operation requires reconstructing the exact tab-delimited format with boolean fields written as uppercase TRUE/FALSE strings and dates converted back to Unix epoch seconds - a different transformation pipeline.