'SameParty' cookie attribute - Chrome Platform Status

Feature: 'SameParty' cookie attribute

Allows sites to indicate which cookies are allowed to be set or sent in contexts where all ancestor frames belong to the same First-Party Set.

Motivation

In order to increase privacy on the web, browser vendors are either planning or already shipping restrictions on cross-site tracking, such as phasing out third-party cookies. However, modern websites are typically served over multiple domains/sites, many of which are owned by the same organization. First-Party Sets provides a mechanism to group domains/sites belonging to the same organization as being same-party with each other, and thus defines a privacy boundary for websites. The SameParty cookie attribute provides web developers a means to annotate cookies that are allowed to be set or sent in same-party, cross-site contexts; and hence should not be subject to obsoletion. In addition, SameParty cookies are blocked in cross-party, cross-site contexts.

Documentation

https://docs.google.com/document/d/16m5IfppdmmL-Zwk9zW8tJD4iHTVGJOLRP7g-QwBwX5c/edit?usp=sharing

Status in Chromium

Blink components: Internals>Network>Cookies

Implementation status: Origin trial (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: Harmful
Edge: Positive
Safari: Positive
Web Developers: Positive

Owners

Intent to Prototype url

Intent to Prototype thread

Search tags

same-party, same, party, first-party, sets, first, cookie, attribute,

Last updated on 2021-10-08