'SameSite' cookie attribute
Same-site cookies (née "First-Party-Only" (née "First-Party")) allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.
IE | Edge | Firefox | Chrome | Safari | Opera | iOS Safari | Opera Mini | Android Browser | Blackberry Browser | Opera Mobile | Chrome for Android | Firefox for Android | IE Mobile | UC Browser for Android | Samsung Internet | QQ Browser | Baidu Browser |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
49 | |||||||||||||||||
56 | 9.3 | 4.4 | |||||||||||||||
14 | 52 | 57 | 10 | 10.0-10.2 | 4.4.3-4.4.4 | 4 | |||||||||||
11 | 15 | 53 | 58 | 10.1 | 44 | 10.3 | all | 56 | 10 | 37 | 57 | 52 | 11 | 11.4 | 5 | 1.2 | 7.12 |
54 | 59 | TP | 45 | ||||||||||||||
55 | 60 | 46 | |||||||||||||||
56 | 61 |
Notes
This feature is backwards compatible. Browsers not supporting this feature will simply use the cookie as a regular cookie. There is no need to deliver different cookies to clients.
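The behaviour described above and in the note, modelled as an added example (not code from the original page). The `Strict` and `Lax` values come from the SameSite specification rather than from this page. The function names are hypothetical, the sample cookie and hosts are constructed, and the registrable domain is approximated as the last two host labels.

```javascript
// Added example; function names are hypothetical, sample values are constructed.
// Assumption: registrable domain = last two host labels (real browsers use the
// Public Suffix List). Only explicit Strict and Lax values are modelled.
function registrableDomain(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Parse a Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const attr of rest) {
    if (attr === '') continue;
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Would the browser attach this cookie to the request?
function cookieIsSent(cookie, req, browserSupportsSameSite) {
  const mode = String(cookie.attrs.samesite || '').toLowerCase();
  // Without support the attribute is ignored: the cookie is a regular cookie.
  if (!browserSupportsSameSite) return true;
  if (mode !== 'strict' && mode !== 'lax') return true;
  const sameSite =
    registrableDomain(req.initiatorHost) === registrableDomain(req.targetHost);
  if (sameSite) return true;
  if (mode === 'strict') return false;
  // Lax: cross-site requests carry the cookie only on top-level navigations
  // that use a safe HTTP method.
  const safe = ['GET', 'HEAD', 'OPTIONS', 'TRACE'].includes(req.method);
  return Boolean(req.topLevelNavigation) && safe;
}

// Constructed sample: one session cookie, one cross-site form submission.
const sessionCookie = parseSetCookie(
  'session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict');
const crossSitePost = {
  initiatorHost: 'forum.other.example', targetHost: 'app.shop.example',
  method: 'POST', topLevelNavigation: false,
};
console.log('supporting browser sends cookie:',
  cookieIsSent(sessionCookie, crossSitePost, true));
console.log('non-supporting browser sends cookie:',
  cookieIsSent(sessionCookie, crossSitePost, false));
```

The same `Set-Cookie` header is delivered to every client; only browsers that support the attribute withhold the cookie on the cross-site request.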