'SameSite' cookie attribute

Same-site cookies (née "First-Party-Only" (née "First-Party")) allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.

Specification

Editor's draft

Status in Chromium

Enabled by default (launch bug) in:

  • Chrome for desktop release 51
  • Chrome for Android release 51
  • Android WebView release 51
  • Opera release 39
  • Opera for Android release 39

Consensus & Standardization

  • Public support
  • No public signals
  • No public signals
  • Positive

Owner

Last updated on 2016-03-29