Does Chrome DevTools have a built-in cookie export feature?

No. Chrome DevTools lets you view and edit cookies in the Application panel, but it does not offer an export button. You can manually copy rows from the table, but field types, flags (HttpOnly, Secure, SameSite), and expiry dates are not preserved in a structured format. A Manifest V3 extension like CookieVault Editor provides true one-click export.

What is the difference between JSON and Netscape cookies.txt format?

JSON exports cookies as structured objects with typed fields (domain, path, value, expiry as Unix timestamp, boolean flags). Netscape cookies.txt is a tab-separated plain text format originally designed for Netscape Navigator and still used by curl, wget, and some testing tools. JSON is better for programmatic processing; Netscape is better for command-line tool compatibility.

Can I export HttpOnly cookies?

Yes, but only via DevTools or a Manifest V3 extension. The HttpOnly flag prevents JavaScript (`document.cookie`) from reading the cookie, but DevTools and extensions that use the `chrome.cookies` API have privileged access and can export HttpOnly cookies. A JavaScript-based export snippet running in the page context will miss all HttpOnly cookies.

How do I use exported cookies with curl?

Export in Netscape cookies.txt format, then use `curl -b cookies.txt https://example.com`. curl reads the file and sends the matching cookies with each request. This is useful for scripting authenticated API calls or reproducing session-specific bugs from the command line.

Can I import exported cookies into a different browser or profile?

Yes. CookieVault Editor's Import function reads JSON and Netscape formats and writes each cookie to the target browser's cookie store via `chrome.cookies.set()`. This works across Chrome profiles and on any Chromium-based browser (Edge, Brave, Arc). For Firefox, you need a Firefox-compatible extension that reads the same format.

Do exported cookies include third-party cookies?

It depends on the export scope. A per-domain export includes only cookies for the selected domain. An "All cookies" export includes every cookie in the browser, including third-party cookies set by embedded iframes, ad networks, and analytics providers. Be cautious when sharing all-cookies exports — they may contain session tokens for sensitive sites.

How large is a typical cookie export file?

A single-domain export is usually under 10 KB. A full browser export varies widely — a browser with cookies from 500 domains might produce a JSON file of 200-500 KB. The Netscape format produces slightly smaller files because it omits metadata fields. HAR files are much larger because they include full request and response data.

Can I automate cookie exports on a schedule?

CookieVault Editor does not currently support scheduled exports, but you can automate exports using a headless Chrome setup with Puppeteer or Playwright. Both frameworks expose a `page.cookies()` or `context.cookies()` method that returns the cookie array as JSON. Run the script on a cron schedule and write the output to a file or object store.

How to export Chrome cookies to JSON

TL;DR: To export Chrome cookies to JSON, install CookieVault Editor, click Export, and choose JSON (or Netscape cookies.txt for curl/wget). Chrome DevTools does not have a built-in export feature. For automated exports in CI/CD, use Puppeteer’s page.cookies() or Playwright’s context.cookies().

Exporting Chrome cookies to JSON is the process of serializing the browser’s cookie store into a structured file that can be backed up, shared, imported into another browser profile, or fed to command-line tools like curl and wget. Chrome’s DevTools Application panel lets you view and edit cookies but does not offer an export button — a Manifest V3 extension or a headless browser script is required for structured export¹. This guide covers three methods in order of practicality for different workflows.

Quick comparison: export methods

In short: Use a Manifest V3 extension for interactive one-click exports. Use Puppeteer or Playwright for automated exports in CI/CD pipelines. Use the DevTools console for quick one-off grabs when you cannot install an extension, keeping in mind that HttpOnly cookies will be missing.

Method	Exports HttpOnly cookies	Output format	Automation support	Requires extension
CookieVault Editor (extension)	Yes	JSON, Netscape, HAR	No (manual click)	Yes
Puppeteer `page.cookies()`	Yes	JSON (via `JSON.stringify`)	Yes (scriptable, CI-ready)	No (headless Chrome)
Playwright `context.cookies()`	Yes	JSON (via `JSON.stringify`)	Yes (scriptable, CI-ready)	No (headless Chromium)
DevTools console `document.cookie`	No (misses HttpOnly)	Raw string (manual parsing)	No	No
HAR export via DevTools Network	Partial (in request headers)	HAR	No	No

According to the Chrome DevTools documentation, the Application panel’s cookie table is designed for inspection and editing, not for data export¹. The Network panel can export full request archives as HAR files that include cookie headers, but extracting individual cookies from HAR requires post-processing.

Method 1: CookieVault Editor (recommended)

In short: CookieVault Editor exports cookies from a toolbar popup in three formats — JSON for structured data, Netscape cookies.txt for curl/wget, and HAR for full request archives. One click per export, including HttpOnly cookies.

The eight-step export workflow:

Decide which cookies to export — determine whether you need a single-domain export (e.g., staging.example.com) or a full browser export. Single-domain exports are smaller and safer to share; full exports capture your entire session state.
Choose an export format — JSON for programmatic use and re-import. Netscape cookies.txt for curl -b and wget --load-cookies. HAR for full request archives including headers and response bodies.
Install CookieVault Editor — install from the Chrome Web Store. The extension requests the cookies permission to access the full cookie store, including HttpOnly cookies.
Open the extension popup — click the CookieVault Editor toolbar icon. The popup shows all cookies for the current domain. Click “All cookies” to see every cookie in the browser.
Click Export — the format picker appears. Select JSON, Netscape cookies.txt, or HAR.
Save the file — Chrome opens a file-save dialog. Choose a location and filename.
Verify the export — open the file in a text editor or JSON viewer. Confirm that the expected cookies are present and that HttpOnly cookies are included.
Use the exported file — feed it to your downstream tool: curl -b cookies.txt, Playwright’s context.addCookies(), or CookieVault Editor’s Import function for cross-profile session transfer.

Important: Exported cookie files contain authentication tokens. Treat them like passwords — do not commit them to version control, do not share them over unencrypted channels, and delete them when no longer needed.

Method 2: Puppeteer or Playwright (automated)

In short: For CI/CD pipelines, test fixture generation, and scripted workflows, Puppeteer’s page.cookies() and Playwright’s context.cookies() return the cookie array as JSON. Both include HttpOnly cookies. Write the output to a file with JSON.stringify.

A minimal Puppeteer export script:

const puppeteer = require('puppeteer');
const fs = require('fs');

(async () => {
  const browser = await puppeteer.launch();
  const page = await browser.newPage();
  await page.goto('https://example.com');
  // Authenticate if needed (page.type, page.click, etc.)
  const cookies = await page.cookies();
  fs.writeFileSync('cookies.json', JSON.stringify(cookies, null, 2));
  await browser.close();
})();

The equivalent Playwright approach:

const { chromium } = require('playwright');
const fs = require('fs');

(async () => {
  const browser = await chromium.launch();
  const context = await browser.newContext();
  const page = await context.newPage();
  await page.goto('https://example.com');
  const cookies = await context.cookies();
  fs.writeFileSync('cookies.json', JSON.stringify(cookies, null, 2));
  await browser.close();
})();

Both methods return an array of cookie objects with typed fields: name, value, domain, path, expires (Unix timestamp), httpOnly, secure, sameSite. The output is directly compatible with context.addCookies() for re-import.

Method 3: DevTools console (limited)

In short: Running document.cookie in the DevTools console returns a semicolon-separated string of cookie name=value pairs for the current domain. This method is fast but incomplete — HttpOnly cookies are excluded and metadata (expiry, flags, path) is lost.

The document.cookie approach works as a quick fallback when you cannot install an extension:

Open DevTools (F12) → Console tab
Type document.cookie and press Enter
Copy the output string
Parse manually or use a script to split on ; and then on =

This method has three significant limitations:

HttpOnly cookies are invisible to JavaScript — they are excluded from document.cookie
Cookie metadata (expiry, SameSite, Secure, HttpOnly, Path, Domain) is not included
Third-party cookies set by other domains are not accessible from the current page’s JavaScript context

For anything beyond a quick sanity check, use Method 1 or Method 2.

Export format reference

In short: JSON and Netscape are the two most common export formats. JSON preserves all metadata and is re-importable. Netscape is a legacy format designed for curl/wget compatibility. HAR is a full-request archive that includes cookies as part of the HTTP headers.

JSON format

[
  {
    "name": "session_id",
    "value": "abc123def456",
    "domain": ".example.com",
    "path": "/",
    "expires": 1756252800,
    "httpOnly": true,
    "secure": true,
    "sameSite": "Lax"
  }
]

JSON advantages:

Typed fields (boolean for flags, number for expiry)
Directly compatible with Puppeteer/Playwright addCookies()
Schema-validatable
Human-readable and diffable
Supports nested structures for grouping by domain

Netscape cookies.txt format

# Netscape HTTP Cookie File
.example.com	TRUE	/	TRUE	1756252800	session_id	abc123def456

Each line has seven tab-separated fields: domain, include subdomains (TRUE/FALSE), path, secure (TRUE/FALSE), expiry (Unix timestamp), name, value.

Netscape advantages:

Direct compatibility with curl -b and wget --load-cookies
Compact file size
Supported by virtually every command-line HTTP tool
Simple to parse with shell scripts (awk, cut)

When to use which format

Use case	Recommended format
Backup and restore across browser profiles	JSON
Feed cookies to `curl` or `wget`	Netscape cookies.txt
Share test fixtures with QA team	JSON
Archive full request/response for debugging	HAR
Automate in CI/CD with Puppeteer/Playwright	JSON
Import into Postman or Insomnia	JSON (via collection import)

Security considerations for exported cookies

In short: Cookie export files are credential-equivalent artifacts. A leaked session cookie file gives anyone full access to your authenticated sessions. Handle them with the same care as passwords and API keys.

Six security rules for handling exported cookie files:

Never commit cookie export files to version control — add *.cookies.json and cookies.txt to .gitignore
Do not share exports over unencrypted channels (email, Slack DMs without E2E encryption, public Pastebin)
Delete export files when no longer needed — session cookies in a file remain valid until the server expires the session
Restrict file permissions on shared development machines (chmod 600 cookies.json on Linux/Mac)
When sharing test fixtures, replace real session values with placeholder tokens and document the replacement
If an export file is accidentally leaked, invalidate all affected sessions immediately by logging out of the sites and changing passwords

These precautions apply equally to JSON, Netscape, and HAR formats — all three contain the raw cookie values that authenticate your sessions.