Same-site cookies (née "First-Party-Only" (née "First-Party")) allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.
Status in Chromium
Enabled by default (tracking bug) in:
- Chrome for desktop release 51
- Chrome for Android release 51
- Android WebView release 51
Consensus & Standardization
After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.
- Shipped/Shipping
- No signal
- No signal
- Positive
Last updated on 2020-11-09