diff --git a/files/en-us/web/api/cookiestore/delete/index.md b/files/en-us/web/api/cookiestore/delete/index.md index 4c08d01ce1da95c..660342c846f5e06 100644 --- a/files/en-us/web/api/cookiestore/delete/index.md +++ b/files/en-us/web/api/cookiestore/delete/index.md @@ -14,7 +14,7 @@ browser-compat: api.CookieStore.delete {{securecontext_header}}{{APIRef("Cookie Store API")}}{{SeeCompatTable}} -The **`delete()`** method of the {{domxref("CookieStore")}} interface deletes a cookie with the given name or options object. (See below.) The `delete()` method expires the cookie by changing the date to one in the past. +The **`delete()`** method of the {{domxref("CookieStore")}} interface deletes a cookie with the given name or options object. The `delete()` method expires the cookie by changing the date to one in the past. ## Syntax @@ -29,16 +29,21 @@ This method requires one of the following: - `name` - : A string with the name of a cookie. + +Or + - `options` - : An object containing: - `name` - : A string with the name of a cookie. - - `url` {{Optional_Inline}} - - : A string with the URL of a cookie. + - `partitioned` {{Optional_Inline}} + - : A boolean value that defaults to `false`. Setting it to `true` specifies that the cookie to delete will be a partitioned cookie. See [Cookies Having Independent Partitioned State (CHIPS)](/en-US/docs/Web/Privacy/Partitioned_cookies) for more information. - `path` {{Optional_Inline}} - : A string containing a path. + - `url` {{Optional_Inline}} + - : A string with the URL of a cookie. > **Note:** The `url` option enables the modification of a cookie scoped under a particular URL. Service workers can obtain cookies that would be sent to any URL under their scope. From a document you may only obtain the cookies at the current URL, so the only valid URL in a document context is the document's URL. diff --git a/files/en-us/web/api/cookiestore/get/index.md b/files/en-us/web/api/cookiestore/get/index.md index 658fbb6f68ad35d..d5eed715a53eb77 100644 --- a/files/en-us/web/api/cookiestore/get/index.md +++ b/files/en-us/web/api/cookiestore/get/index.md @@ -14,7 +14,7 @@ browser-compat: api.CookieStore.get {{securecontext_header}}{{APIRef("Cookie Store API")}}{{SeeCompatTable}} -The **`get()`** method of the {{domxref("CookieStore")}} interface returns a single cookie with the given name or options object. (See below.) The method will return the first matching cookie for the passed parameters. +The **`get()`** method of the {{domxref("CookieStore")}} interface returns a single cookie with the given name or options object. The method will return the first matching cookie for the passed parameters. ## Syntax @@ -29,6 +29,9 @@ This method requires one of the following: - `name` - : A string with the name of a cookie. + +Or + - `options` - : An object containing: @@ -42,23 +45,26 @@ This method requires one of the following: ### Return value -A {{jsxref("Promise")}} that resolves with an object containing the first cookie matching the submitted name or options. This object contains the following properties: +A {{jsxref("Promise")}} that resolves with an object representing the first cookie matching the submitted name or options. This object contains the following properties: -- `name` - - : A string containing the name of the cookie. -- `value` - - : A string containing the value of the cookie. - `domain` - : A string containing the domain of the cookie. -- `path` - - : A string containing the path of the cookie. + - `expires` - : A timestamp, given as [Unix time](/en-US/docs/Glossary/Unix_time) in milliseconds, containing the expiration date of the cookie. -- `secure` - - : A boolean value indicating whether the cookie is to be used in secure contexts only. + +- `name` + - : A string containing the name of the cookie. + +- `partitioned` + - : A boolean indicating whether the cookie is a partitioned cookie (`true`) or not (`false`). See [Cookies Having Independent Partitioned State (CHIPS)](/en-US/docs/Web/Privacy/Partitioned_cookies) for more information. + +- `path` + - : A string containing the path of the cookie. + - `sameSite` - - : One of the following [SameSite](/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) values: + - : One of the following [SameSite](/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) values (see [SameSite cookies explained](https://web.dev/samesite-cookies-explained/) for more information): - `"strict"` - : Cookies will only be sent in a first-party context and not be sent with requests initiated by third party websites. @@ -67,7 +73,11 @@ A {{jsxref("Promise")}} that resolves with an object containing the first cookie - `"none"` - : Cookies will be sent in all contexts. - > **Note:** For more information on SameSite cookies see [SameSite cookies explained](https://web.dev/samesite-cookies-explained/). +- `secure` + - : A boolean value indicating whether the cookie is to be used in secure contexts only (`true`) or not (`false`). + +- `value` + - : A string containing the value of the cookie. ### Exceptions diff --git a/files/en-us/web/api/cookiestore/getall/index.md b/files/en-us/web/api/cookiestore/getall/index.md index 9cb34f65b6cc3b6..c3b06e673d5631b 100644 --- a/files/en-us/web/api/cookiestore/getall/index.md +++ b/files/en-us/web/api/cookiestore/getall/index.md @@ -27,6 +27,9 @@ getAll(options) - `name` {{optional_inline}} - : A string with the name of a cookie. + +Or + - `options` {{optional_inline}} - : An object containing: @@ -40,7 +43,41 @@ getAll(options) ### Return value -A {{jsxref("Promise")}} that resolves with a list of cookies for the given name or options. +A {{jsxref("Promise")}} that resolves with an array of objects representing cookies that match the given name or options. + +Each object contains the following properties: + +- `domain` + - : A string containing the domain of the cookie. + +- `expires` + - : A timestamp, given as [Unix time](/en-US/docs/Glossary/Unix_time) in milliseconds, containing the expiration date of the cookie. + +- `name` + - : A string containing the name of the cookie. + +- `partitioned` + - : A boolean indicating whether the cookie is a partitioned cookie (`true`) or not (`false`). See [Cookies Having Independent Partitioned State (CHIPS)](/en-US/docs/Web/Privacy/Partitioned_cookies) for more information. + +- `path` + - : A string containing the path of the cookie. + +- `sameSite` + + - : One of the following [SameSite](/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) values (see [SameSite cookies explained](https://web.dev/samesite-cookies-explained/) for more information): + + - `"strict"` + - : Cookies will only be sent in a first-party context and not be sent with requests initiated by third party websites. + - `"lax"` + - : Cookies are not sent on normal cross-site subrequests (for example to load images or frames into a third party site), but are sent when a user is navigating within the origin site (i.e. when following a link). + - `"none"` + - : Cookies will be sent in all contexts. + +- `secure` + - : A boolean value indicating whether the cookie is to be used in secure contexts only (`true`) or not (`false`). + +- `value` + - : A string containing the value of the cookie. ### Exceptions diff --git a/files/en-us/web/api/cookiestore/set/index.md b/files/en-us/web/api/cookiestore/set/index.md index 1789fa182be09d5..1726cab05b0b629 100644 --- a/files/en-us/web/api/cookiestore/set/index.md +++ b/files/en-us/web/api/cookiestore/set/index.md @@ -14,7 +14,7 @@ browser-compat: api.CookieStore.set {{securecontext_header}}{{APIRef("Cookie Store API")}}{{SeeCompatTable}} -The **`set()`** method of the {{domxref("CookieStore")}} interface sets a cookie with the given name and value or options object. (See below.) +The **`set()`** method of the {{domxref("CookieStore")}} interface sets a cookie with the given name and value or options object. ## Syntax @@ -31,23 +31,26 @@ This method requires one of the following: - : A string with the name of the cookie. - `value` - : A string with the value of the cookie. + +Or + - `options` - : An object containing: - - `name` - - : A string with the name of a cookie. - - `value` - - : A string with the value of the cookie. - - `expires` {{Optional_Inline}} - - : A timestamp, given as [Unix time](/en-US/docs/Glossary/Unix_time) in milliseconds, containing the expiration date of the cookie. - `domain` {{Optional_Inline}} - : A string containing the domain of the cookie. + - `expires` {{Optional_Inline}} + - : A timestamp, given as [Unix time](/en-US/docs/Glossary/Unix_time) in milliseconds, containing the expiration date of the cookie. + - `name` + - : A string with the name of a cookie. + - `partitioned` {{Optional_Inline}} + - : A boolean value that defaults to `false`. If set to `true`, the set cookie will be a partitioned cookie. See [Cookies Having Independent Partitioned State (CHIPS)](/en-US/docs/Web/Privacy/Partitioned_cookies) for more information. - `path` {{Optional_Inline}} - : A string containing the path of the cookie. - `sameSite` {{Optional_Inline}} - - : One of the following [SameSite](/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) values: + - : One of the following [SameSite](/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) values (see [SameSite cookies explained](https://web.dev/samesite-cookies-explained/) for more information): - `"strict"` - : Cookies will only be sent in a first-party context and not be sent along with requests initiated by third party websites. @@ -56,7 +59,8 @@ This method requires one of the following: - `"none"` - : Cookies will be sent in all contexts. - > **Note:** For more information on SameSite cookies see [SameSite cookies explained](https://web.dev/samesite-cookies-explained/). + - `value` + - : A string with the value of the cookie. ### Return value diff --git a/files/en-us/web/api/document/cookie/index.md b/files/en-us/web/api/document/cookie/index.md index b177b293f998646..0c563ef2bb00b26 100644 --- a/files/en-us/web/api/document/cookie/index.md +++ b/files/en-us/web/api/document/cookie/index.md @@ -42,33 +42,19 @@ not abide by this. document.cookie = newCookie; ``` -In the code above, `newCookie` is a string of form -`key=value`. Note that you can only set/update a -single cookie at a time using this method. Consider also that: +In the code above, `newCookie` is a string of form `key=value`, specifying the cookie to set/update. Note that you can only set/update a single cookie at a time using this method. Consider also that: - Any of the following cookie attribute values can optionally follow the key-value - pair, specifying the cookie to set/update, and preceded by a semicolon separator: - - - `;path=path` (e.g., '`/`', - '`/mydir`') If not specified, defaults to the current path - of the current document location. + pair, each preceded by a semicolon separator: - `;domain=domain` (e.g., - '`example.com`' or '`subdomain.example.com`'). If - not specified, this defaults to the host portion of the current document - location. Contrary to earlier specifications, leading dots in domain names - are ignored, but browsers may decline to set the cookie containing such - dots. If a domain is specified, subdomains are always included. + '`example.com`' or '`subdomain.example.com`'): The host to which the cookie will be sent. If not specified, this defaults to the host portion of the current document location. Contrary to earlier specifications, leading dots in domain names are ignored, but browsers may decline to set the cookie containing such dots. If a domain is specified, subdomains are always included. > **Note:** The domain _must_ match > the domain of the JavaScript origin. Setting cookies to foreign > domains will be silently ignored. - - `;max-age=max-age-in-seconds` (e.g., - `60*60*24*365` or 31536000 for a year) - - `;expires=date-in-GMTString-format` If neither - `expires` nor `max-age` specified it will expire at - the end of session. + - `;expires=date-in-GMTString-format`: The expiry date of the cookie. If neither `expires` nor `max-age` specified it will expire at the end of session. > **Warning:** When user privacy is a concern, it's important that any web app > implementation invalidate cookie data after a certain timeout @@ -76,16 +62,19 @@ single cookie at a time using this method. Consider also that: > users specify that cookies should never expire, which is not > necessarily safe. - - See {{jsxref("Date.toUTCString()")}} for help formatting this + See {{jsxref("Date.toUTCString()")}} for help formatting this value. - - `;secure` Cookie to only be transmitted - over secure protocol as https. Before Chrome 52, this flag could appear - with cookies from http domains. - - `;samesite` [SameSite](/en-US/docs/Web/HTTP/Cookies#samesite_cookies) - prevents the browser from sending this cookie along with cross-site - requests. Possible values are `lax`, - `strict` or `none`. + - `;max-age=max-age-in-seconds`: The maximum age of the cookie in seconds (e.g., + `60*60*24*365` or 31536000 for a year). + + - `;partitioned`: Indicates that the cookie should be stored using partitioned storage. See [Cookies Having Independent Partitioned State (CHIPS)](/en-US/docs/Web/Privacy/Partitioned_cookies) for more details. + + - `;path=path`: Indicates the path that must exist in the requested URL for the browser to send the {{httpheader("Cookie")}} header (e.g., '`/`', + '`/mydir`'). If not specified, it defaults to the current path of the current document location. + + - `;samesite`: [SameSite](/en-US/docs/Web/HTTP/Cookies#samesite_cookies) prevents the browser from sending this cookie along with cross-site + requests. Possible values are `lax`, `strict` or `none`. - The `lax` value will send the cookie for all same-site requests and top-level navigation GET requests. This is sufficient @@ -98,6 +87,8 @@ single cookie at a time using this method. Consider also that: be applied. The cookie will be sent in all requests—both cross-site and same-site. + - `;secure`: Specifies that the cookie should only be transmitted over a secure protocol. + - The cookie value string can use {{jsxref("Global_Objects/encodeURIComponent", "encodeURIComponent()")}} to ensure that the string does not contain any commas, semicolons, or whitespace (which are disallowed in cookie values). diff --git a/files/en-us/web/http/cookies/index.md b/files/en-us/web/http/cookies/index.md index ee95ea8ad9337d2..08e22b08ebc6021 100644 --- a/files/en-us/web/http/cookies/index.md +++ b/files/en-us/web/http/cookies/index.md @@ -221,7 +221,10 @@ Firefox, by default, blocks third-party cookies that are known to contain tracke Third-party cookies (or just tracking cookies) may also be blocked by other browser settings or extensions. Cookie blocking can cause some third-party components (such as social media widgets) not to function as intended. -> **Note:** Servers can (and should) set the cookie [SameSite attribute](/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) to specify whether or not cookies may be sent to third party sites. +There are some useful features available for developers who wish to respect user privacy, and minimize third-party tracking: + +- Servers can (and should) set the cookie [SameSite attribute](/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) to specify whether or not third-party cookies may be sent. +- [Cookies Having Independent Partitioned State (CHIPS)](/en-US/docs/Web/Privacy/Partitioned_cookies) enables developers to opt-in their cookies to partitioned storage, with a separate cookie jar per top-level site. This enables valid non-tracking uses of third-party cookies to continue working in browsers that do not allow cookies to be used for third-party tracking. ### Cookie-related regulations diff --git a/files/en-us/web/http/headers/set-cookie/index.md b/files/en-us/web/http/headers/set-cookie/index.md index c4d374e3bbf7484..6b0ce6e64283102 100644 --- a/files/en-us/web/http/headers/set-cookie/index.md +++ b/files/en-us/web/http/headers/set-cookie/index.md @@ -41,12 +41,13 @@ For more information, see the guide on [Using HTTP cookies](/en-US/docs/Web/HTTP ```http Set-Cookie: = +Set-Cookie: =; Domain= Set-Cookie: =; Expires= +Set-Cookie: =; HttpOnly Set-Cookie: =; Max-Age= -Set-Cookie: =; Domain= +Set-Cookie: =; Partitioned Set-Cookie: =; Path= Set-Cookie: =; Secure -Set-Cookie: =; HttpOnly Set-Cookie: =; SameSite=Strict Set-Cookie: =; SameSite=Lax @@ -79,6 +80,16 @@ Set-Cookie: =; Domain=; Secure; HttpOnl > > **`__Host-` prefix**: Cookies with names starting with `__Host-` must be set with the `secure` flag, must be from a secure page (HTTPS), must not have a domain specified (and therefore, are not sent to subdomains), and the path must be `/`. +- `Domain=` {{optional_inline}} + + - : Defines the host to which the cookie will be sent. + + If omitted, this attribute defaults to the host of the current document URL, not including subdomains. + + Contrary to earlier specifications, leading dots in domain names (`.example.com`) are ignored. + + Multiple host/domain values are _not_ allowed, but if a domain _is_ specified, then subdomains are always included. + - `Expires=` {{optional_inline}} - : Indicates the maximum lifetime of the cookie as an HTTP-date timestamp. @@ -92,17 +103,17 @@ Set-Cookie: =; Domain=; Secure; HttpOnl When an `Expires` date is set, the deadline is relative to the _client_ the cookie is being set on, not the server. +- `HttpOnly` {{optional_inline}} + - : Forbids JavaScript from accessing the cookie, for example, through the {{domxref("Document.cookie")}} property. + Note that a cookie that has been created with `HttpOnly` will still be sent with JavaScript-initiated requests, for example, when calling {{domxref("XMLHttpRequest.send()")}} or {{domxref("fetch()")}}. + This mitigates attacks against cross-site scripting ({{Glossary("Cross-site_scripting", "XSS")}}). + - `Max-Age=` {{optional_inline}} - : Indicates the number of seconds until the cookie expires. A zero or negative number will expire the cookie immediately. If both `Expires` and `Max-Age` are set, `Max-Age` has precedence. -- `Domain=` {{optional_inline}} - - : Defines the host to which the cookie will be sent. - - If omitted, this attribute defaults to the host of the current document URL, not including subdomains. +- `Partitioned` {{optional_inline}}{{experimental_inline}} - Contrary to earlier specifications, leading dots in domain names (`.example.com`) are ignored. - - Multiple host/domain values are _not_ allowed, but if a domain _is_ specified, then subdomains are always included. + - : Indicates that the cookie should be stored using partitioned storage. See [Cookies Having Independent Partitioned State (CHIPS)](/en-US/docs/Web/Privacy/Partitioned_cookies) for more details. - `Path=` {{optional_inline}} @@ -113,18 +124,6 @@ Set-Cookie: =; Domain=; Secure; HttpOnl - the request paths `/docs`, `/docs/`, `/docs/Web/`, and `/docs/Web/HTTP` will all match. - the request paths `/`, `/docsets`, `/fr/docs` will not match. -- `Secure` {{optional_inline}} - - - : Indicates that the cookie is sent to the server only when a request is made with the `https:` scheme (except on localhost), and therefore, is more resistant to [man-in-the-middle](/en-US/docs/Glossary/MitM) attacks. - - > **Note:** Do not assume that `Secure` prevents all access to sensitive information in cookies (session keys, login details, etc.). Cookies with this attribute can still be read/modified either with access to the client's hard disk or from JavaScript if the `HttpOnly` cookie attribute is not set. - > - > Insecure sites (`http:`) cannot set cookies with the `Secure` attribute (since Chrome 52 and Firefox 52). For Firefox, the `https:` requirements are ignored when the `Secure` attribute is set by localhost (since Firefox 75). - -- `HttpOnly` {{optional_inline}} - - : Forbids JavaScript from accessing the cookie, for example, through the {{domxref("Document.cookie")}} property. - Note that a cookie that has been created with `HttpOnly` will still be sent with JavaScript-initiated requests, for example, when calling {{domxref("XMLHttpRequest.send()")}} or {{domxref("fetch()")}}. - This mitigates attacks against cross-site scripting ({{Glossary("Cross-site_scripting", "XSS")}}). - `SameSite=` {{optional_inline}} - : Controls whether or not a cookie is sent with cross-site requests, @@ -154,6 +153,14 @@ Set-Cookie: =; Domain=; Secure; HttpOnl > > See the [Browser compatibility](/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#browser_compatibility) table for information about specific browser implementation (rows: "`SameSite`: Defaults to `Lax`", "`SameSite`: Secure context required", and "`SameSite`: URL scheme-aware ("schemeful")"). +- `Secure` {{optional_inline}} + + - : Indicates that the cookie is sent to the server only when a request is made with the `https:` scheme (except on localhost), and therefore, is more resistant to [man-in-the-middle](/en-US/docs/Glossary/MitM) attacks. + + > **Note:** Do not assume that `Secure` prevents all access to sensitive information in cookies (session keys, login details, etc.). Cookies with this attribute can still be read/modified either with access to the client's hard disk or from JavaScript if the `HttpOnly` cookie attribute is not set. + > + > Insecure sites (`http:`) cannot set cookies with the `Secure` attribute (since Chrome 52 and Firefox 52). For Firefox, the `https:` requirements are ignored when the `Secure` attribute is set by localhost (since Firefox 75). + ## Examples ### Session cookie @@ -217,6 +224,14 @@ Set-Cookie: __Host-id=1; Secure Set-Cookie: __Host-id=1; Secure; Path=/; Domain=example.com ``` +### Partitioned cookie + +```http +Set-Cookie: __Host-example=34d8g; SameSite=None; Secure; Path=/; Partitioned; +``` + +> **Note:** Partitioned cookies must be set with `Secure` and `Path=/`. In addition, it is recommended to use the `__Host` prefix when setting partitioned cookies to make them bound to the hostname and not the registrable domain. + ## Specifications {{Specifications}} diff --git a/files/en-us/web/privacy/index.md b/files/en-us/web/privacy/index.md index 44092e8e0aa31d9..115b3d521029608 100644 --- a/files/en-us/web/privacy/index.md +++ b/files/en-us/web/privacy/index.md @@ -170,3 +170,4 @@ Browsers may choose to provide ways around this. For example, in Firefox 73, the - [Web security](/en-US/docs/Web/Security) - [Permissions API](/en-US/docs/Web/API/Permissions_API) - [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) +- [The Privacy Sandbox](https://developer.chrome.com/docs/privacy-sandbox/) diff --git a/files/en-us/web/privacy/partitioned_cookies/index.md b/files/en-us/web/privacy/partitioned_cookies/index.md new file mode 100644 index 000000000000000..a1261ea02407014 --- /dev/null +++ b/files/en-us/web/privacy/partitioned_cookies/index.md @@ -0,0 +1,72 @@ +--- +title: Cookies Having Independent Partitioned State (CHIPS) +slug: Web/Privacy/Partitioned_cookies +tags: + - Cookies Having Independent Partitioned State + - CHIPS + - Partitioned cookies + - Privacy +browser-compat: http.headers.Set-Cookie.Partitioned +--- + +{{QuicklinksWithSubPages("Web/Privacy")}}{{seecompattable}} + +**Cookies Having Independent Partitioned State** (**CHIPS**, also know as **Partitioned cookies**) allows developers to opt a cookie into partitioned storage, with a separate cookie jar per top-level site. + +A partitioned third-party cookie is tied to the top-level site where it's initially set and cannot be accessed from elsewhere. The aim is to allow cookies to be set by third-party services, but only read within the context of the top-level site where they were initially set. This allows cross-site tracking to be blocked, while still enabling non-tracking uses of third-party cookies such as persisting state of embedded maps or chat widgets across different sites, and persisting config information for subresource CDN load balancing and Headless CMS providers. + +## Cross-site tracking in a nutshell + +Historically, when a site embeds content via an {{htmlelement("iframe")}}, the embeded content can set a cookie on the user's device in response to the cross-site request. If the user visits other sites that embed the same content, the embedded content can access the same cookie originally set by the first instance of the embedded content. This enables the content owner to track user activity across these sites, and any other sites that embed the same content. + +For example: + +1. A user visits `https://site-a.example`, which embeds content from `https://3rd-party.example`. `https://3rd-party.example` sets a cookie on the user's device. +2. The user visits `https://site-b.example`, which also embeds `https://3rd-party.example`. This new instance of `https://3rd-party.example` is still able to access the cookie set when the user was on the previous page. + +This works because cookies are currently stored with a key based on the host or domain name of the site that set them, aka the **host key**. In the above case the cookie would be stored with a key of `("3rd-party.example")`. + +User privacy is a foremost concern, so browsers are starting to restrict how this behavior can be used to track users, however there are still valid uses for third-party cookies, as described above. CHIPs enables these uses cases and more, while still allowing browsers to preserve user privacy. + +## How does CHIPS work? + +Browsers with CHIPs support provide a new attribute for the {{httpheader("Set-Cookie")}} HTTP header — `Partitioned` — which when set allows site owners to opt-in to using CHIPs: + +```http +Set-Cookie: __Host-example=34d8g; SameSite=None; Secure; Path=/; Partitioned; +``` + +> **Note:** Partitioned cookies must be set with `Secure` and `Path=/`. In addition, it is recommended to use the `__Host` prefix when setting partitioned cookies to make them bound to the hostname and not the registrable domain. + +With `Partitioned` set, the cookie is stored using two keys, the host key and a new **partition key**. The partition key is based on the scheme and [eTLD+1](https://web.dev/same-site-same-origin/#site) of the top-level URL the browser was visiting when the request was made to the URL endpoint that set the cookie. + +Revisiting the example we described in the previous section: + +1. A user visits `https://site-a.example`, which embeds content from `https://3rd-party.example`. `https://3rd-party.example` sets a cookie on the user's device using `Partitioned`, meaning that the site owner opts in to CHIPS. +2. The storage key for the cookie would now be `{("https://site-a.example"), ("3rd-party.example")}`. +3. When the user visits `https://site-b.example`, which also embeds `https://3rd-party.example`, this new embedded instance is no longer able to access the cookie because the partition key doesn't match. + +> **Note:** CHIPS is similar to the older [State partitioning mechanism](/en-US/docs/Web/Privacy/State_Partitioning) implemented by Firefox. The difference is that state partitioning partitions cookie storage and retrieval into separate cookie jars for each top-level site, without a mechanism to allow opt-in to third-party cookies if desired. As browsers start to phase out third-party cookie usage, there are still valid, non-tracking uses of third-party cookies that need to be permitted while developers begin to handle this change. + +## A valid third-party embed scenario + +Blocking all third-party cookies would currently be problematic, for example in a retail site that uses a third-party chat service, as described below. CHIPs will enable this use case, while third-party tracking cookies are blocked. + +1. A user visits `https://shoppy.example`, which embeds a third-party chat service from `https://3rd-party.example/chat` to provide support for users that need help. `https://3rd-party.example/chat` sets a cookie on the user's device using `Partitioned`, to persist the state of the chat across different site subdomains. +2. The storage key for the cookie would be `{("https://shoppy.example"), ("3rd-party.example/chat")}`. +3. The user visits various subdomains in the quest to solve their problem that also embed `https://3rd-party.example/chat`, including `https://support.shoppy.example` and `https://checkout.shoppy.example`. The new embedded instances are able to access the cookie because the partition key still matches. + +> **Note:** [First-party sets](https://github.com/WICG/first-party-sets) is a proposal that aims to allow site owners to declare a collection of related domains that will act like they are a single top-level site, for the purposes of cookie access mechanisms like CHIPS. + +## Specifications + +{{Specifications}} + +## Browser compatibility + +{{Compat}} + +## See also + +- [Cookies Having Independent Partitioned State (CHIPS) on developer.chrome.com](https://developer.chrome.com/docs/privacy-sandbox/chips/) +- [CHIPS Explainer](https://github.com/privacycg/CHIPS)