Given that Chrome plans on obsoleting third-party cookies, we want to give developers the ability to use cookies in third-party contexts that are partitioned by top-level site to meet use cases that are not cross-site tracking related (e.g. SaaS embeds, headless CMS, sandbox domains, etc.). In order to do so, we introduce a mechanism to opt-in to having their third-party cookies partitioned by top-level site using a new cookie attribute, Partitioned.

Motivation

New browser privacy models restrict sites' ability to track user activity across top-level contexts, and Chrome plans on blocking cross-site cookies available to third-parties in multiple top-level contexts. Although these cross-site cookies are now widely recognized as being a cross-site tracking mechanism, there are several other use cases for cross-party cookies on the web today, e.g. SaaS embeds, headless CMS, sandbox domains, etc. In order to support the non-tracking-related use cases for third-party cookies above, we plan to introduce a new cookie attribute, Partitioned, to support cross-site cookies that are partitioned by top-level context, i.e. partitioned by top-level site (or that site's First-Party Set if it has one). These cookies will not be restricted by cross-site cookie blocking since they cannot be used to track users' activity across different sites.

Status in Chromium

Blink components: Internals>Network>Cookies

Implementation status: No active development (tracking bug)

Consensus & Standardization

• Firefox: No signal
• Edge: No signal
• Safari: No signal
• Web Developers: No signals

Owners

• dylancutler@google.com
• kaustubhag@google.com

Intent to Prototype url

Last updated on 2021-08-12