'SameSite' cookie attribute

Same-site cookies (née "First-Party-Only" (née "First-Party")) allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.

[Browser support table covering: IE, Edge, Firefox, Chrome, Safari, Opera, iOS Safari, Opera Mini, Android Browser, Blackberry Browser, Opera Mobile, Chrome for Android, Firefox for Android, IE Mobile, UC Browser for Android, Samsung Internet, QQ Browser, Baidu Browser]

Notes

This feature is backwards compatible. Browsers not supporting this feature will simply use the cookie as a regular cookie. There is no need to deliver different cookies to clients.
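The following sketch is an added example, not code from the original page. It models how a supporting user agent and a non-supporting one treat the same `Set-Cookie` header on a cross-site request. The host names, cookie name and `shouldSend` helper are hypothetical, and the registrable domain is approximated as the last two host labels instead of using the Public Suffix List.

```javascript
// Constructed sample header; the cookie name and value are illustrative.
const HEADER = "session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict";

// Parse a Set-Cookie header value into name, value and lower-cased attribute keys.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Assumption: registrable domain approximated as the last two host labels.
// Real user agents consult the Public Suffix List (e.g. for co.uk).
function registrableDomain(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// Models only the SameSite decision; Domain, Path and Secure matching are omitted.
// req = { initiatorHost, targetHost, method, topLevelNavigation }
function shouldSend(cookie, req, uaSupportsSameSite) {
  const mode = String(cookie.attrs.samesite || "").toLowerCase();
  // A user agent without support ignores the unknown attribute: regular cookie.
  if (!uaSupportsSameSite) return true;
  // This sketch enforces only the Strict and Lax values.
  if (mode !== "strict" && mode !== "lax") return true;
  if (registrableDomain(req.initiatorHost) === registrableDomain(req.targetHost)) {
    return true;
  }
  // Cross-site: Lax still allows safe-method top-level navigations, Strict allows nothing.
  return mode === "lax" && req.topLevelNavigation === true &&
    ["GET", "HEAD"].includes(req.method.toUpperCase());
}

const crossSitePost = { initiatorHost: "other.example", targetHost: "www.bank.example",
  method: "POST", topLevelNavigation: true };
const cookie = parseSetCookie(HEADER);
console.log("supporting UA sends:", shouldSend(cookie, crossSitePost, true));
console.log("legacy UA sends:", shouldSend(cookie, crossSitePost, false));
```

Because the comparison is on the registrable domain, a request from a sibling subdomain counts as same-site and still carries the cookie. On clients without support the attribute provides no protection, so it complements existing CSRF defences instead of replacing them.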
