'SameSite' cookie attribute
Security
Same-site cookies (née "First-Party-Only" (née "First-Party")) allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.
Specification
Implementation Status
Enabled by default in desktop Chrome 51 (launch bug)
Available in Chrome for Android release 51.
Available in Android WebView release 51.
Consensus & Standardization
- Public support
- No public signals
- Shipped in release 39
- Shipped in release 39
- No public signals
- Positive
Owner
Last updated on 2016-03-29