About Cookie Watch

Cookie Watch is a testing tool for analyzing how browsers handle third-party cookies and cross-site requests across different request methods.

What does it test?

This tool tests 100+ different ways a website can make cross-site requests, including:

• Navigation - Links, form submissions, redirects, meta refresh
• Fetch/XHR - fetch(), XMLHttpRequest, sendBeacon
• Frames - iframe, frame, object, embed
• Media - img, video, audio, picture
• Scripts - script tags, dynamic imports, modules
• Workers - Service Workers, Shared Workers, Web Workers
• CSS - background-image, @font-face, @import, cursor
• Link elements - preload, prefetch, prerender, stylesheet
• SVG - image, script, use, feImage
• WebSocket/WebTransport - Real-time connections

What does it measure?

For each request method, Cookie Watch records:

• Cookies sent - Which SameSite attributes are included (Default, None, Lax, Strict)
• Sec-Fetch-Dest - The request destination metadata
• Sec-Fetch-Site - Cross-site vs same-origin classification
• Authorization - Whether HTTP Basic Auth credentials are sent

Use Cases

• Understanding browser cookie policies and third-party cookie blocking
• Testing Chrome's third-party cookie deprecation
• Comparing behavior across browsers (Chrome, Firefox, Safari, etc.)
• Analyzing Cookie Access Heuristics and exemptions
• Security research on cross-site request behavior (e.g., for CSRF, XS-Leaks, etc.)

How to Use

1. Set Cookies - First, set test cookies on the cross-site domain
2. Run Tests - Execute all or specific request methods
3. View Results - See which cookies were sent for each method
4. Compare - Add results to the comparison table to compare browsers