CRX id
ioggofkhhoocblooiohccaipbbaeilkf
ioggofkhhoocblooiohccaipbbaeilkf
Description from extension meta
Checks cookies for secure attributes and assigns a risk score based on security metrics.
Image from store
Description from store
WHAT IT DOES:
Manifest V3 Structure:
Uses a background service worker, proper permissions (cookies), and host permissions.
Cookie Table Display:
Presents a sortable table with key details:
Cookie Name
Domain
Secure flag
HttpOnly flag
SameSite attribute
Expiration/Session status
Calculated Risk (0–10) with a color-coded visual gauge
A Remove button for each cookie
Risk Calculation:
Computes a risk score based solely on cookie attributes:
Missing Secure flag (+2)
Missing HttpOnly flag (+2)
SameSite setting (“none” or undefined adds more risk, “lax” adds less)
Expiration details (session cookies get a higher risk score)
Cookiepedia Integration:
Provides a clearly visible “View Details” link (styled as a button) next to each cookie name that opens a Cookiepedia page for that cookie.
Sorting Functionality:
Allows users to sort by cookie name, risk, domain, and other attributes by clicking on the table headers.
Cookie Management:
Users can manually remove cookies directly from the popup.
Security Goals Achieved:
Visibility of Cookie Security Posture:
Clearly shows which cookies are at higher risk due to missing security attributes.
Actionable Insights:
Enables users to quickly identify and remove insecure cookies.
User Education:
Integrates external context through Cookiepedia, helping users understand cookie functions.
Organized Analysis:
Sorting and a visual risk gauge help prioritize which cookies might need attention.
WHAT IT DOES NOT DO:
Real-Time Notifications:
No built-in pop-ups or notifications alert users immediately when a high-risk cookie is added or modified.
Inline Cookie Usage Monitoring:
The extension does not track or display how frequently cookies are accessed by pages (e.g., via JavaScript), which could be critical for session hijack prevention.
Dynamic Behavioral Analysis:
It doesn’t integrate history or runtime usage patterns to factor into the risk assessment.
Prevention Mechanisms:
The tool is diagnostic—it doesn’t actively block or prevent insecure cookie usage, only alerts the user for manual intervention.
Inline JavaScript Access Monitoring:
There is no injection or override mechanism to detect when document.cookie is accessed by page scripts.
Statistics
Installs
4
history
Category
Rating
0.0 (0 votes)
Last update / version
2025-03-10 / 1.0
Listing languages
en