Allows sites to indicate which cookies are allowed to be set or sent in contexts where all ancestor frames belong to the same First-Party Set.

Motivation

In order to increase privacy on the web, browser vendors are either planning or already shipping restrictions on cross-site tracking, such as phasing out third-party cookies. However, modern websites are typically served over multiple domains/sites, many of which are owned by the same organization. First-Party Sets provides a mechanism to group domains/sites belonging to the same organization as being same-party with each other, and thus defines a privacy boundary for websites. The SameParty cookie attribute provides web developers a means to annotate cookies that are allowed to be set or sent in same-party, cross-site contexts; and hence should not be subject to obsoletion. In addition, SameParty cookies are blocked in cross-party, cross-site contexts.

Status in Chromium

Internals>Network>Cookies


Origin trial (tracking bug) in:

  • Chrome for desktop release 89
  • Chrome for Android release 89

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Owners

Intent to Prototype url

Intent to Prototype thread

Search tags

same-party, same, party, first-party, sets, first, cookie, attribute,

Last updated on 2021-02-25