Carleton University - School of Computer Science Honours Project
Summer 2019
Session Gossip
Justin Rodriguez
ABSTRACT
Keywords: cookies, extension-based attacks, session hijacking, internet security, cookie validation protocol

A chain is only as strong as its weakest link, and this is especially true of security. On the web, one of the most vulnerable links is the cookie. Cookies serve many purposes, from tracking who the client is to gathering information on what the user recently looked up, but they can also become a huge liability: the server performs no verification of them, leaving them open to session hijacking and similar attacks. In this paper, we propose a protocol for cookie validation. The user is required to install a browser extension, while the server handles all other changes. The protocol verifies the user's cookies on every request they make. As a result, response times become slower, because the server must ensure that no race conditions occur between receiving the verification information and receiving the request itself. However, the protocol falls short on several levels. For one, it is easy for an attacker to determine whether a website is using the protocol, since all they need to do is probe the standardized path at which the verification information is served. More importantly, by promoting the use of a high-privilege extension as part of the protocol, we introduce a new avenue of exposure for the user's information. Ultimately, the protocol adds too many risks, and its limitations outweigh its benefits.