Cookie API

Parse and build HTTP cookies.

The parse endpoint reads a Set-Cookie header into its name, value and structured attributes (Domain, Path, Expires, Max-Age, Secure, HttpOnly, SameSite, Priority and Partitioned) or, with mode=cookie, splits a request Cookie header like "a=1; b=2; c=3" into an ordered list and a name→value map.

The serialize endpoint builds a correct Set-Cookie string from simple fields, with sensible defaults (Path=/), proper date formatting for Expires, optional URL-encoding of the value, and validation of the cookie name, the date and the enum attributes. It automatically adds Secure when SameSite=None, as browsers require.

Everything is computed locally and deterministically, so it is instant and private. Ideal for web frameworks and middleware, API debugging and proxies, session and consent tooling, testing and security review. Pure local computation: no key, no third-party service, instant. Live, nothing stored. 3 endpoints.

This parses and builds cookie strings; it does not fetch a URL. To inspect a live site's response headers use a security-headers or HTTP API.

api.oanor.com/cookie-api
Machine-readable spec so AI agents can integrate this API.

/api/cookie-api/openapi.json
/api/cookie-api/llms.txt

Discovery: GET /api/index.json lists every API.

API health

  • Status: healthy
  • Uptime: 100.00% (server probes, 24h)
  • Avg latency: 78 ms (server probes, 24h)
  • Subscribers: 3,904 active
  • Total calls: 57 (last 7 days)
  • 6 probes/24h

Pricing

Pick a tier — billed monthly, cancel anytime.

Free

Free

  • 2,235 calls / month
  • 2 requests / second
  • Hard cap (429 above quota, no overage)
  • Parse + serialize
  • No credit card

Starter

€3.75 /month

  • 11,750 calls / month
  • 8 requests / second
  • Hard cap (429 above quota, no overage)
  • All attributes + URL-encode
  • Email support

Pro

€23.65 /month

  • 168,500 calls / month
  • 20 requests / second
  • Hard cap (429 above quota, no overage)
  • Framework / proxy / session pipelines
  • Priority support

Mega

€61.65 /month

  • 885,000 calls / month
  • 50 requests / second
  • Hard cap (429 above quota, no overage)
  • Platform scale
  • Dedicated SLA

Related APIs

Other APIs with overlapping tags.

MIME Types API

The canonical MIME / media-type database (the jshttp mime-db used by Express and most of the Node ecosystem: IANA + Apache + nginx), served from memory — no key. Resolve a media type to its file extensions, charset and compressibility; reverse-lookup the media type(s) for a file extension (e.g. png → image/png); and search or list types by source. 2,600+ media types, 1,000+ with file extensions. Lean, predictable JSON. Ideal for upload validation, Content-Type resolution, file-type detection, download handlers and developer tooling.

api.oanor.com/mimetypes-api

CORS API

Build correct CORS response headers and evaluate preflight requests — without re-reading the spec every time. The headers endpoint turns a simple policy (allowed origins, methods, request headers, whether credentials are allowed, a preflight max-age and any exposed response headers) into the exact set of Access-Control-* headers to return, and it handles the parts people get wrong: you cannot combine a wildcard origin with credentials, so it reflects the specific request origin and adds Vary: Origin instead; it omits the allow-origin header when an origin is not on your list; and it warns when a configuration would not behave as expected. The check endpoint takes an incoming request — its Origin, the (requested) method and the Access-Control-Request-Headers — and tells you whether it would pass CORS, the precise reason if it fails, and the response headers you should send back. Everything is computed locally and deterministically, so it is instant and private. Ideal for API gateways and backends, edge and serverless functions, debugging browser CORS errors, and getting a security policy exactly right. Pure local computation — no key, no third-party service, instant. Live, nothing stored. 3 endpoints. This builds and checks the headers; it does not make a cross-origin request — to inspect a live site's security headers use a security-headers API.

api.oanor.com/cors-api

Client IP API

Find the real client IP behind proxies, CDNs and load balancers. The client endpoint takes an X-Forwarded-For list (or an RFC 7239 Forwarded header) together with a count of proxies you trust, and returns the actual client address — stripping the trusted proxies from the right-hand side so that a spoofed left-most value cannot fool you — along with the full ordered hop chain, the left-most and right-most entries and the address family. The parse endpoint decomposes a Forwarded header into its for/by/host/proto hops, or an X-Forwarded-For header into its ordered list of addresses, stripping ports and IPv6 brackets so you get clean IPs. Getting this right matters for security: trusting the wrong entry lets clients spoof their IP, so the trusted-proxy model returns the first address you did not put there yourself. Everything is computed locally and deterministically, so it is instant and private. Ideal for reverse proxies and API gateways, rate limiting and abuse prevention, audit logging and analytics, geo and fraud checks, and any backend sitting behind a load balancer. Pure local computation — no key, no third-party service, instant. Live, nothing stored. 3 endpoints. This parses forwarding headers to find the client IP; to geolocate that IP use an IP-geolocation API.

api.oanor.com/clientip-api

Content-Disposition API

Parse and build HTTP Content-Disposition headers (RFC 6266, with RFC 5987 filename* encoding). The parse endpoint reads a header into its disposition type (attachment, inline or form-data), its filename — correctly decoding the extended filename*=UTF-8''… form and preferring it over a plain filename exactly as the specification requires — the form-data field name, and any remaining parameters. The build endpoint assembles a correct header from simple fields and, when a filename contains non-ASCII characters (accents, emoji, CJK), automatically emits both an ASCII fallback filename and the percent-encoded filename*, so every browser shows the right download name while older clients still work. Everything is computed locally and deterministically, so it is instant and private — no file is ever fetched or stored. Ideal for file-download and upload endpoints, object storage and CDNs, content gateways and proxies, email and multipart handling, and debugging why a download is mis-named. Pure local computation — no key, no third-party service, instant. Live, nothing stored. 3 endpoints. This builds and parses the header string itself; it does not serve a file.

api.oanor.com/contentdisposition-api

Frequently asked questions

Quick answers about pricing, quotas, and integration.

How do I get an API key for Cookie API?
Sign up for free at oanor.com, generate an API key from the developer dashboard, and call Cookie API with the x-oanor-key header. No credit card needed for the free tier.

What's the rate limit for Cookie API?
Free tier allows 1 request per second. Paid plans scale up to 50 requests per second on the Mega tier. Hard limits return HTTP 429 above the quota, with no surprise overage charges.

How much does Cookie API cost?
Cookie API has a free tier with 100 calls / month. Paid plans start at €3.75 / month with higher quotas and faster rate limits.

Can I cancel my subscription anytime?
Yes. Plans are billed monthly and you can cancel anytime from your billing dashboard. No long-term contracts and no cancellation fee.

Is Cookie API GDPR-compliant?
All requests to Cookie API go through our EU-based gateway. Your upstream API key never leaves our server and no personal data is shared with the upstream provider beyond the request you send.

Code snippets

Sign up to get an API key, then call any path under your slug.

cURL

curl https://api.oanor.com/cookie-api/SOME_PATH \
  -H "x-oanor-key: oanor_test_..."

JavaScript

const res = await fetch("https://api.oanor.com/cookie-api/SOME_PATH", {
  headers: { "x-oanor-key": "oanor_test_..." }
});
const data = await res.json();

PHP

$ch = curl_init("https://api.oanor.com/cookie-api/SOME_PATH");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, ["x-oanor-key: oanor_test_..."]);
$response = curl_exec($ch);

Python

import requests
r = requests.get(
    "https://api.oanor.com/cookie-api/SOME_PATH",
    headers={"x-oanor-key": "oanor_test_..."},
)
print(r.json())
