diff --git a/src/cookie.mjs b/src/cookie.mjs
index 7cacd37..03dba0e 100644
--- a/src/cookie.mjs
+++ b/src/cookie.mjs
@@ -32,11 +32,16 @@ export default class Cookie {
 constructor(str, requestURL) {
 if(typeof str !== "string")
 throw paramError("First", "str", "new Cookie()", "string");
+ if(typeof requestURL !== "string")
+ throw paramError("Second", "requestURL", "new Cookie()", "string");
+ // check if url is valid
+ new url.URL(requestURL);
+
 const splitted = str.split("; ");
 [this.name, this.value] = splitN(splitted[0], "=", 1);
 if(!this.name)
- throw new CookieParseError("Invalid cookie name \"" + this.name + "\"");
+ throw new CookieParseError("Invalid cookie name \"" + this.name + "\"!");
 if(this.value.startsWith("\"") && this.value.endsWith("\""))
 this.value = this.value.slice(1, -1);
@@ -50,7 +55,8 @@ export default class Cookie {
 if(this.expiry) // max-age has precedence over expires
 continue;
 if(!/^(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2}[ -](?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)[ -]\d{2,4} \d{2}:\d{2}:\d{2} GMT$/.test(v)
- || (this.expiry = new Date(v)) === "Invalid Date")
+ || (this.expiry = new Date(v)).toString() === "Invalid Date"
+ || this.expiry.getTime() < 0)
 throw new CookieParseError("Invalid value for Expires \"" + v + "\"!");
 }
 else if(k === "max-age") {
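Review bot: The added `new url.URL(requestURL);` in the constructor hunk throws its result away and accepts any scheme, so a `file:` or `data:` URL counts as a valid request URL for a cookie. The `parsedURL` used by the prefix checks in the last hunk suggests the URL is parsed a second time outside this hunk; keeping the one parsed object and, if cookies are only meant for web requests, checking it with `if(parsedURL.protocol !== "http:" && parsedURL.protocol !== "https:")` would make the validation explicit. An invalid URL also surfaces as the URL constructor's own TypeError rather than a CookieParseError, so callers that catch only the latter will not handle it. The constructor body continues outside the hunk.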
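Review bot: The added `|| this.expiry.getTime() < 0` in the Expires hunk turns a pre-1970 date into a parse error, although such a value is a well-formed date that simply means the cookie has already expired. Servers clear cookies by sending an Expires in the past, and the two-digit years the regex permits can land before the epoch; throwing here presumably makes the caller discard the Set-Cookie instead of expiring the stored cookie, which could leave a session cookie in the jar after a logout response. I would accept the date and let the expiry handling treat it as expired, and replace the string comparison with `|| Number.isNaN((this.expiry = new Date(v)).getTime()))`. The enclosing attribute loop starts and ends outside the hunk.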
@@ -87,7 +93,7 @@ export default class Cookie {
 if(this.name.toLowerCase().startsWith("__secure-") && (!this.secure || parsedURL.protocol !== "https:"))
 throw new CookieParseError("Cookie has \"__Secure-\" prefix but \"Secure\" isn't set or the cookie is not set via https!");
- if(this.name.toLowerCase().startsWith("__host-") && (!this.secure || parsedURL.protocol !== "https:" || this.domain || (this.path && this.path !== "/")))
+ if(this.name.toLowerCase().startsWith("__host-") && (!this.secure || parsedURL.protocol !== "https:" || this.domain || this.path !== "/"))
 throw new CookieParseError("Cookie has \"__Host-\" prefix but \"Secure\" isn't set, the cookie is not set via https, \"Domain\" is set or \"Path\" is not equal to \"/\"!");
 // assign defaults
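Review bot: The tightened `__Host-` condition `this.path !== "/"` is only correct while it runs before the defaults under `// assign defaults` are applied, and nothing in the code records that dependency. With the new form a cookie without a Path attribute is rejected because `this.path` is still unset at this point; if the default assignment were ever moved above these checks, a defaulted path of "/" would pass without the attribute being present, and a defaulted domain would presumably fail every `__Host-` cookie. A comment above the two prefix checks would pin this down: `// prefix checks must see the raw attributes, so they run before defaults are assigned`. The surrounding constructor code lies outside the hunk.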