Origin trial for HTTP header support in Storage Access | Privacy Sandbox

<!doctype html> <html lang="en" dir="ltr"> <head> <meta name="google-signin-client-id" content="721724668570-nbkv1cfusk7kk4eni4pjvepaus73b13t.apps.googleusercontent.com"> <meta name="google-signin-scope" content="profile email https://www.googleapis.com/auth/developerprofiles https://www.googleapis.com/auth/developerprofiles.award"> <meta property="og:site_name" content="Google for Developers"> <meta property="og:type" content="website"><meta name="theme-color" content="#fff"><meta charset="utf-8"> <meta content="IE=Edge" http-equiv="X-UA-Compatible"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="manifest" href="/_pwa/developers/manifest.json" crossorigin="use-credentials"> <link rel="preconnect" href="//www.gstatic.com" crossorigin> <link rel="preconnect" href="//fonts.gstatic.com" crossorigin> <link rel="preconnect" href="//fonts.googleapis.com" crossorigin> <link rel="preconnect" href="//apis.google.com" crossorigin> <link rel="preconnect" href="//www.google-analytics.com" crossorigin><link rel="stylesheet" href="//fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:400,400italic,500,500italic,700,700italic|Roboto+Mono:400,500,700&display=swap"> <link rel="stylesheet" href="//fonts.googleapis.com/css2?family=Material+Icons&family=Material+Symbols+Outlined&display=block"><link rel="stylesheet" href="https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625/developers/css/app.css"> <link rel="shortcut icon" href="https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625/developers/images/favicon-new.png"> <link rel="apple-touch-icon" href="https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625/developers/images/touchicon-180-new.png"><link rel="canonical" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic"><link rel="search" type="application/opensearchdescription+xml" title="Google for Developers" href="https://developers.google.com/s/opensearch.xml"> <link rel="alternate" hreflang="en" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic" /><link rel="alternate" hreflang="x-default" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic" /><link rel="alternate" hreflang="ar" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=ar" /><link rel="alternate" hreflang="bn" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=bn" /><link rel="alternate" hreflang="zh-Hans" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=zh-cn" /><link rel="alternate" hreflang="zh-Hant" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=zh-tw" /><link rel="alternate" hreflang="fa" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=fa" /><link rel="alternate" hreflang="fr" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=fr" /><link rel="alternate" hreflang="de" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=de" /><link rel="alternate" hreflang="he" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=he" /><link rel="alternate" hreflang="hi" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=hi" /><link rel="alternate" hreflang="id" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=id" /><link rel="alternate" hreflang="it" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=it" /><link rel="alternate" hreflang="ja" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=ja" /><link rel="alternate" hreflang="ko" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=ko" /><link rel="alternate" hreflang="pl" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=pl" /><link rel="alternate" hreflang="pt-BR" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=pt-br" /><link rel="alternate" hreflang="ru" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=ru" /><link rel="alternate" hreflang="es-419" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=es-419" /><link rel="alternate" hreflang="th" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=th" /><link rel="alternate" hreflang="tr" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=tr" /><link rel="alternate" hreflang="vi" href="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic?hl=vi" /><title>Origin trial for HTTP header support in Storage Access  |  Privacy Sandbox  |  Google for Developers</title> <meta property="og:title" content="Origin trial for HTTP header support in Storage Access  |  Privacy Sandbox  |  Google for Developers"><meta name="description" content="Chrome 130 starts an origin trial for HTTP headers logic for Storage Access API."> <meta property="og:description" content="Chrome 130 starts an origin trial for HTTP headers logic for Storage Access API."><meta property="og:url" content="https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic"><meta property="og:image" content="https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-for-developers.png"> <meta property="og:image:width" content="1600"> <meta property="og:image:height" content="900"><meta property="og:locale" content="en"><meta name="twitter:card" content="summary_large_image"><script type="application/ld+json"> { "@context": "https://schema.org", "@type": "BreadcrumbList", "itemListElement": [{ "@type": "ListItem", "position": 1, "name": "Privacy Sandbox", "item": "https://developers.google.com/privacy-sandbox" },{ "@type": "ListItem", "position": 2, "name": "Origin trial for HTTP header support in Storage Access", "item": "https://developers.google.com/privacy-sandbox/blog/storage-access-api-headers-logic" }] } </script> <link rel="stylesheet" href="/extras.css"></head> <body class="" template="page" theme="white" type="blog" layout="docs" concierge='closed' display-toc pending> <devsite-progress type="indeterminate" id="app-progress"></devsite-progress> <section class="devsite-wrapper"> <devsite-cookie-notification-bar></devsite-cookie-notification-bar><devsite-header role="banner"> <div class="devsite-header--inner nocontent"> <div class="devsite-top-logo-row-wrapper-wrapper"> <div class="devsite-top-logo-row-wrapper"> <div class="devsite-top-logo-row"> <button type="button" id="devsite-hamburger-menu" class="devsite-header-icon-button button-flat material-icons gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Navigation menu button" visually-hidden aria-label="Open menu"> </button> <div class="devsite-product-name-wrapper"> <a href="https://developers.google.com/privacy-sandbox"> <div class="devsite-product-logo-container" size="medium" > <picture> <img class="devsite-product-logo" alt="Privacy Sandbox" src="https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo.png" srcset="https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_36.png 36w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_48.png 48w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_72.png 72w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_96.png 96w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_480.png 480w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_720.png 720w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_856.png 856w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_960.png 960w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_1440.png 1440w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_1920.png 1920w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_2880.png 2880w" sizes="64px" loading="lazy" > </picture> </div> </a> <span class="devsite-product-name"> <ul class="devsite-breadcrumb-list" > <li class="devsite-breadcrumb-item "> <a href="https://developers.google.com/privacy-sandbox" class="devsite-breadcrumb-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Upper Header" data-value="1" track-type="globalNav" track-name="breadcrumb" track-metadata-position="1" track-metadata-eventdetail="Privacy Sandbox" > Privacy Sandbox </a> </li> </ul> </span> </div> <div class="devsite-top-logo-row-middle"> <div class="devsite-header-upper-tabs"> <devsite-tabs class="upper-tabs"> <nav class="devsite-tabs-wrapper" aria-label="Upper tabs"> <tab > <a href="https://developers.google.com/privacy-sandbox" track-metadata-eventdetail="https://developers.google.com/privacy-sandbox" class="devsite-tabs-content gc-analytics-event " track-type="nav" track-metadata-position="nav - overview" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Overview" track-name="overview" > Overview </a> </tab> <tab > <a href="https://developers.google.com/privacy-sandbox/cookies" track-metadata-eventdetail="https://developers.google.com/privacy-sandbox/cookies" class="devsite-tabs-content gc-analytics-event " track-type="nav" track-metadata-position="nav - cookies" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Cookies" track-name="cookies" > Cookies </a> </tab> <tab > <a href="https://developers.google.com/privacy-sandbox/private-advertising" track-metadata-eventdetail="https://developers.google.com/privacy-sandbox/private-advertising" class="devsite-tabs-content gc-analytics-event " track-type="nav" track-metadata-position="nav - private advertising" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Private advertising" track-name="private advertising" > Private advertising </a> </tab> <tab > <a href="https://developers.google.com/privacy-sandbox/protections" track-metadata-eventdetail="https://developers.google.com/privacy-sandbox/protections" class="devsite-tabs-content gc-analytics-event " track-type="nav" track-metadata-position="nav - privacy protections" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Privacy protections" track-name="privacy protections" > Privacy protections </a> </tab> <tab > <a href="https://developers.google.com/privacy-sandbox/learn" track-metadata-eventdetail="https://developers.google.com/privacy-sandbox/learn" class="devsite-tabs-content gc-analytics-event " track-type="nav" track-metadata-position="nav - learn" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Learn" track-name="learn" > Learn </a> </tab> <tab > <a href="https://developers.google.com/privacy-sandbox/blog" track-metadata-eventdetail="https://developers.google.com/privacy-sandbox/blog" class="devsite-tabs-content gc-analytics-event " track-type="nav" track-metadata-position="nav - blog" track-metadata-module="primary nav" data-category="Site-Wide Custom Events" data-label="Tab: Blog" track-name="blog" > Blog </a> </tab> </nav> </devsite-tabs> </div> <devsite-search enable-signin enable-search enable-suggestions enable-query-completion project-name="Privacy Sandbox" tenant-name="Google for Developers" project-scope="/privacy-sandbox" url-scoped="https://developers.google.com/s/results/privacy-sandbox" > <form class="devsite-search-form" action="https://developers.google.com/s/results" method="GET"> <div class="devsite-search-container"> <button type="button" search-open class="devsite-search-button devsite-header-icon-button button-flat material-icons" aria-label="Open search"></button> <div class="devsite-searchbox"> <input aria-activedescendant="" aria-autocomplete="list" aria-label="Search" aria-expanded="false" aria-haspopup="listbox" autocomplete="off" class="devsite-search-field devsite-search-query" name="q" placeholder="Search" role="combobox" type="text" value="" > <div class="devsite-search-image material-icons" aria-hidden="true"> </div> <div class="devsite-search-shortcut-icon-container" aria-hidden="true"> <kbd class="devsite-search-shortcut-icon">/</kbd> </div> </div> </div> </form> <button type="button" search-close class="devsite-search-button devsite-header-icon-button button-flat material-icons" aria-label="Close search"></button> </devsite-search> </div> <devsite-language-selector> <ul role="presentation"> <li role="presentation"> <a role="menuitem" lang="en" >English</a> </li> <li role="presentation"> <a role="menuitem" lang="de" >Deutsch</a> </li> <li role="presentation"> <a role="menuitem" lang="es" >Español</a> </li> <li role="presentation"> <a role="menuitem" lang="es_419" >Español – América Latina</a> </li> <li role="presentation"> <a role="menuitem" lang="fr" >Français</a> </li> <li role="presentation"> <a role="menuitem" lang="id" >Indonesia</a> </li> <li role="presentation"> <a role="menuitem" lang="it" >Italiano</a> </li> <li role="presentation"> <a role="menuitem" lang="pl" >Polski</a> </li> <li role="presentation"> <a role="menuitem" lang="pt_br" >Português – Brasil</a> </li> <li role="presentation"> <a role="menuitem" lang="vi" >Tiếng Việt</a> </li> <li role="presentation"> <a role="menuitem" lang="tr" >Türkçe</a> </li> <li role="presentation"> <a role="menuitem" lang="ru" >Русский</a> </li> <li role="presentation"> <a role="menuitem" lang="he" >עברית</a> </li> <li role="presentation"> <a role="menuitem" lang="ar" >العربيّة</a> </li> <li role="presentation"> <a role="menuitem" lang="fa" >فارسی</a> </li> <li role="presentation"> <a role="menuitem" lang="hi" >हिंदी</a> </li> <li role="presentation"> <a role="menuitem" lang="bn" >বাংলা</a> </li> <li role="presentation"> <a role="menuitem" lang="th" >ภาษาไทย</a> </li> <li role="presentation"> <a role="menuitem" lang="zh_cn" >中文 – 简体</a> </li> <li role="presentation"> <a role="menuitem" lang="zh_tw" >中文 – 繁體</a> </li> <li role="presentation"> <a role="menuitem" lang="ja" >日本語</a> </li> <li role="presentation"> <a role="menuitem" lang="ko" >한국어</a> </li> </ul> </devsite-language-selector> <a class="devsite-header-link devsite-top-button button gc-analytics-event" href="//privacysandbox.com/" data-category="Site-Wide Custom Events" data-label="Site header link" > Home </a> <devsite-user enable-profiles fp-auth id="devsite-user"> <span class="button devsite-top-button" aria-hidden="true" visually-hidden>Sign in</span> </devsite-user> </div> </div> </div> <div class="devsite-collapsible-section devsite-header-no-lower-tabs "> <div class="devsite-header-background"> </div> </div> </div> </devsite-header> <devsite-book-nav scrollbars hidden> <div class="devsite-book-nav-filter" hidden> <span class="filter-list-icon material-icons" aria-hidden="true"></span> <input type="text" placeholder="Filter" aria-label="Type to filter" role="searchbox"> <span class="filter-clear-button hidden" data-title="Clear filter" aria-label="Clear filter" role="button" tabindex="0"></span> </div> <nav class="devsite-book-nav devsite-nav nocontent" aria-label="Side menu"> <div class="devsite-mobile-header"> <button type="button" id="devsite-close-nav" class="devsite-header-icon-button button-flat material-icons gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Close navigation" aria-label="Close navigation"> </button> <div class="devsite-product-name-wrapper"> <a href="https://developers.google.com/privacy-sandbox"> <div class="devsite-product-logo-container" size="medium" > <picture> <img class="devsite-product-logo" alt="Privacy Sandbox" src="https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo.png" srcset="https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_36.png 36w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_48.png 48w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_72.png 72w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_96.png 96w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_480.png 480w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_720.png 720w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_856.png 856w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_960.png 960w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_1440.png 1440w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_1920.png 1920w, https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo_2880.png 2880w" sizes="64px" loading="lazy" > </picture> </div> </a> <span class="devsite-product-name"> <ul class="devsite-breadcrumb-list" > <li class="devsite-breadcrumb-item "> <a href="https://developers.google.com/privacy-sandbox" class="devsite-breadcrumb-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Upper Header" data-value="1" track-type="globalNav" track-name="breadcrumb" track-metadata-position="1" track-metadata-eventdetail="Privacy Sandbox" > Privacy Sandbox </a> </li> </ul> </span> </div> </div> <div class="devsite-book-nav-wrapper"> <div class="devsite-mobile-nav-top"> <ul class="devsite-nav-list"> <li class="devsite-nav-item"> <a href="/privacy-sandbox" class="devsite-nav-title gc-analytics-event devsite-nav-has-children " data-category="Site-Wide Custom Events" data-label="Tab: Overview" track-name="overview" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Overview" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Overview </span> <span class="devsite-nav-icon material-icons" data-icon="forward" > </span> </a> </li> <li class="devsite-nav-item"> <a href="/privacy-sandbox/cookies" class="devsite-nav-title gc-analytics-event devsite-nav-has-children " data-category="Site-Wide Custom Events" data-label="Tab: Cookies" track-name="cookies" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Cookies" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Cookies </span> <span class="devsite-nav-icon material-icons" data-icon="forward" > </span> </a> </li> <li class="devsite-nav-item"> <a href="/privacy-sandbox/private-advertising" class="devsite-nav-title gc-analytics-event devsite-nav-has-children " data-category="Site-Wide Custom Events" data-label="Tab: Private advertising" track-name="private advertising" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Private advertising" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Private advertising </span> <span class="devsite-nav-icon material-icons" data-icon="forward" > </span> </a> </li> <li class="devsite-nav-item"> <a href="/privacy-sandbox/protections" class="devsite-nav-title gc-analytics-event devsite-nav-has-children " data-category="Site-Wide Custom Events" data-label="Tab: Privacy protections" track-name="privacy protections" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Privacy protections" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Privacy protections </span> <span class="devsite-nav-icon material-icons" data-icon="forward" > </span> </a> </li> <li class="devsite-nav-item"> <a href="/privacy-sandbox/learn" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Tab: Learn" track-name="learn" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Learn" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Learn </span> </a> </li> <li class="devsite-nav-item"> <a href="/privacy-sandbox/blog" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Tab: Blog" track-name="blog" data-category="Site-Wide Custom Events" data-label="Responsive Tab: Blog" track-type="globalNav" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Blog </span> </a> </li> <li class="devsite-nav-item"> <a href="//privacysandbox.com/" class="devsite-nav-title gc-analytics-event " data-category="Site-Wide Custom Events" data-label="Responsive Tab: Home" track-type="navMenu" track-metadata-eventDetail="globalMenu" track-metadata-position="nav"> <span class="devsite-nav-text" tooltip > Home </span> </a> </li> </ul> </div> </div> </nav> </devsite-book-nav> <section id="gc-wrapper"> <main role="main" class="devsite-main-content" > <devsite-content> <article class="devsite-article"> <div class="devsite-article-meta nocontent" role="navigation"> <ul class="devsite-breadcrumb-list" aria-label="Breadcrumb"> <li class="devsite-breadcrumb-item "> <a href="https://developers.google.com/" class="devsite-breadcrumb-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Breadcrumbs" data-value="1" track-type="globalNav" track-name="breadcrumb" track-metadata-position="1" track-metadata-eventdetail="" > Home </a> </li> <li class="devsite-breadcrumb-item "> <div class="devsite-breadcrumb-guillemet material-icons" aria-hidden="true"></div> <a href="https://developers.google.com/privacy-sandbox" class="devsite-breadcrumb-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Breadcrumbs" data-value="2" track-type="globalNav" track-name="breadcrumb" track-metadata-position="2" track-metadata-eventdetail="Privacy Sandbox" > Privacy Sandbox </a> </li> </ul> <devsite-thumb-rating position="header"> </devsite-thumb-rating> </div> <devsite-feedback position="header" project-name="Privacy Sandbox" product-id="5335444" bucket="" context="" version="t-devsite-webserver-20241114-r00-rc02.464922260396498922" data-label="Send Feedback Button" track-type="feedback" track-name="sendFeedbackLink" track-metadata-position="header" class="nocontent" disable-product-feedback project-icon="https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo.png" > <button> Send feedback </button> </devsite-feedback> <h1 class="devsite-page-title" tabindex="-1"> Origin trial for HTTP header support in Storage Access </h1> <devsite-feature-tooltip ack-key="AckCollectionsBookmarkTooltipDismiss" analytics-category="Site-Wide Custom Events" analytics-action-show="Callout Profile displayed" analytics-action-close="Callout Profile dismissed" analytics-label="Create Collection Callout" class="devsite-page-bookmark-tooltip nocontent" dismiss-button="true" id="devsite-collections-dropdown" dismiss-button-text="Dismiss" close-button-text="Got it"> <devsite-bookmark></devsite-bookmark> <span slot="popout-heading"> Stay organized with collections </span> <span slot="popout-contents"> Save and categorize content based on your preferences. </span> </devsite-feature-tooltip> <div class="devsite-page-title-meta"><devsite-view-release-notes></devsite-view-release-notes></div> <devsite-toc class="devsite-nav" depth="2" devsite-toc-embedded > </devsite-toc> <div class="devsite-article-body clearfix "> <p><style> .wd-authors { --avatar-size: 65px; display: flex; gap: 2em; } .wd-author { display: flex; flex-wrap: wrap; gap: 1em; line-height: calc(var(--avatar-size) / 2); } .wd-author img { border-radius: 50%; height: var(--avatar-size, 65px); width: var(--avatar-size, 65px); } </style> <style> .wd-authors { --avatar-size: 65px; display: flex; gap: 2em; } .wd-author { display: flex; flex-wrap: wrap; gap: 1em; line-height: calc(var(--avatar-size) / 2); } .wd-author img { border-radius: 50%; height: var(--avatar-size, 65px); width: var(--avatar-size, 65px); } </style> <div class="wd-authors" translate="no"> <div class="wd-author"> <img class="devsite-landing-row-item-icon" alt="Natalia Markoborodova" src="https://web.dev/images/authors/nmarkoborodova.jpg" decoding="async" height="64" loading="lazy" width="64"> <div> <span> Natalia Markoborodova </span> <div class="wd-author__links"> <a href="https://twitter.com/nmarkoborodova" aria-label="Natalia Markoborodova on X" rel="me"> <svg xmlns="http://www.w3.org/2000/svg" width="22" height="22" viewBox="0 0 300 271"> <title>X</title> <path fill="currentColor" d="m236 0h46l-101 115 118 156h-92.6l-72.5-94.8-83 94.8h-46l107-123-113-148h94.9l65.5 86.6zm-16.1 244h25.5l-165-218h-27.4z"></path> </svg></a> <a href="https://github.com/ewewraw" aria-label="Natalia Markoborodova on GitHub" rel="me"> <svg xmlns="http://www.w3.org/2000/svg" width="22" height="22" viewBox="0 0 32.6 31.8"> <title>GitHub</title> <path d="M16.3 0C7.3 0 0 7.3 0 16.3c0 7.2 4.7 13.3 11.1 15.5.8.1 1.1-.4 1.1-.8v-2.8c-4.5 1-5.5-2.2-5.5-2.2-.7-1.9-1.8-2.4-1.8-2.4-1.5-1 .1-1 .1-1 1.6.1 2.5 1.7 2.5 1.7 1.5 2.5 3.8 1.8 4.7 1.4.1-1.1.6-1.8 1-2.2-3.6-.4-7.4-1.8-7.4-8.1 0-1.8.6-3.2 1.7-4.4-.1-.3-.7-2 .2-4.2 0 0 1.4-.4 4.5 1.7 1.3-.4 2.7-.5 4.1-.5 1.4 0 2.8.2 4.1.5 3.1-2.1 4.5-1.7 4.5-1.7.9 2.2.3 3.9.2 4.3 1 1.1 1.7 2.6 1.7 4.4 0 6.3-3.8 7.6-7.4 8 .6.5 1.1 1.5 1.1 3V31c0 .4.3.9 1.1.8 6.5-2.2 11.1-8.3 11.1-15.5C32.6 7.3 25.3 0 16.3 0z" fill-rule="evenodd" clip-rule="evenodd" fill="currentColor" /> </svg></a> <a href="https://glitch.com/@nmarkoborodova" aria-label="Natalia Markoborodova on Glitch" rel="me"> <svg xmlns="http://www.w3.org/2000/svg" width="22" height="22" viewBox="0 0 32 32"> <title>Glitch</title> <path fill="currentColor" d="M31.734 16.76c-.385-.198-4.536 1.865-5.427 1.693-2.24-.401-1.828-.667-4.839-1.359-1.203-.266-1.031-.109-1.297-.307-.172-.135-.344-.161-.599-.401 4-.719 6.026-1.693 6.734-1.839.76-.146 5.161 1.958 5.427 1.469.266-.495-.964-1.578-.401-3.031.589-1.464-.693-2.422.016-3.583.719-1.161.573-2.932.396-3.026-.396-.203-4.531 1.865-5.438 1.693-2.24-.417-1.828-.682-4.839-1.359-1.203-.271-1.031-.12-1.297-.323-.266-.198-.521-.13-1.036-.974-.521-.839-6.51-2.13-6.906-2.13-.828 0-2.375 2.13-2.375 2.13s-.599 0-2.401.094c-1.802.094-3.375.896-5.495 2.563C-.173 9.737.134 11.414.134 11.414s1.969.667 1.969 1.042c0 .359-1.729.802-1.729.802 1.12 1.411 4.583 2.745 5.464 2.745h.693c-1.438.281-2.823 1.068-4.583 2.438-2.12 1.698-1.813 3.375-1.813 3.375s1.969.667 1.969 1.026-1.729.802-1.729.802c1.12 1.427 4.583 2.76 5.464 2.76.844 0 1.427.026 2.495-.172.078.172.906 1.932 2.599 2.292 1.786.385 2.776.078 2.776.078s.094-.786-.323-1.573c1.547.161 3.307.203 5.026-.068 4.76-.719 7.12-1.865 7.896-2.01.76-.161 5.161 1.948 5.427 1.464.266-.505-.964-1.583-.385-3.036.573-1.469-.708-2.417 0-3.589.719-1.161.573-2.932.396-3.026zM4.615 11.828a1.446 1.446 0 0 1-.297-.042h-.052c-.026-.01-.052-.026-.078-.042l-.052-.01-.083-.042h-.052a.418.418 0 0 1-.068-.042l-.068-.052-.063-.036-.057-.042c-.021-.016-.042-.036-.063-.052l-.042-.042c-.026-.026-.047-.052-.068-.078l-.026-.031a1.954 1.954 0 0 1-.094-.104l-.026-.026c-.021-.036-.036-.073-.052-.109l-.026-.036-.057-.083c-.005-.021-.016-.042-.026-.063l-.026-.083-.026-.052-.016-.094-.01-.068c-.01-.026-.021-.052-.026-.078v-.068c.094.573.557 1.016 1.104 1.016.63 0 1.146-.573 1.146-1.297 0-.719-.505-1.307-1.146-1.307-.625 0-1.13.573-1.146 1.281 0-.932.667-1.693 1.495-1.693.823 0 1.479.745 1.479 1.682 0 .932-.667 1.693-1.479 1.693zm-1-1.265c0-.203.13-.365.318-.365s.307.161.307.365c0 .198-.135.344-.307.344s-.318-.161-.318-.344zm1 11.651a.712.712 0 0 1-.146 0l-.057-.016a.6.6 0 0 1-.094-.01l-.052-.016-.078-.026-.052-.026c-.031-.005-.057-.016-.083-.026l-.052-.026c-.021-.016-.047-.026-.068-.042L3.881 22l-.068-.052-.052-.042-.068-.052-.042-.042c-.031-.031-.063-.057-.089-.094a.671.671 0 0 1-.094-.12l-.031-.026c-.016-.031-.036-.063-.052-.094l-.026-.052c-.016-.026-.036-.052-.052-.078l-.026-.057-.026-.094-.026-.052-.031-.094-.01-.052c-.01-.031-.021-.063-.026-.094v-.068c.094.573.557 1.016 1.104 1.016.63 0 1.146-.573 1.146-1.292 0-.724-.505-1.297-1.146-1.297-.625 0-1.13.563-1.146 1.266 0-.932.667-1.693 1.495-1.693.823 0 1.479.76 1.479 1.682 0 .917-.667 1.693-1.479 1.693zm-1-1.266c0-.188.13-.349.318-.349s.307.161.307.349c0 .188-.135.344-.307.344s-.318-.146-.318-.344zm6.77-7.333v-.042l.042-.078.078-.297c.182-.583.344-1.172.479-1.771.161-.708.229-1.281.203-1.599-.016-.12-.031-.245-.052-.359a8.276 8.276 0 0 0-.521-1.724l-.083-.172-.026-.068c-.12-.266.057-.573.323-.557h.188l.531.036 2.104.109 1.151.078a28.24 28.24 0 0 1 10.573 2.828l.891.401c.172.078.266.307.188.505-.068.188-.266.292-.438.214l-.896-.401a27.695 27.695 0 0 0-10.359-2.786l-1.146-.068-.51-.026-1.599-.094h-.156c.188.51.339 1.031.453 1.562l.063.427c.042.453-.036 1.078-.224 1.88l-.203.823a23.62 23.62 0 0 1-.385 1.323l-.026.078v.042c-.068.188-.266.292-.438.214-.177-.068-.271-.292-.203-.495zm-2-6.349a.307.307 0 0 1 .479.026c.208.26.396.536.563.828.292.531.495 1.068.547 1.615.026.307 0 .651-.052 1.026a8.718 8.718 0 0 1-.271 1.104c-.094.313-.208.62-.333.922-.078.188-.276.266-.453.172-.172-.094-.24-.318-.156-.521l.026-.052.068-.172c.073-.198.146-.396.214-.599.099-.328.182-.661.24-1 .052-.307.063-.573.052-.802a3.47 3.47 0 0 0-.453-1.292 4.794 4.794 0 0 0-.443-.667l-.036-.042a.417.417 0 0 1 .026-.531zm1.537 13.869c-.063.38-.151.76-.271 1.13a9.549 9.549 0 0 1-.333.906c-.078.188-.276.266-.453.177-.172-.094-.24-.323-.156-.521l.026-.057.068-.172c.073-.198.146-.396.214-.599.099-.328.182-.661.24-1 .052-.307.063-.573.036-.802a3.365 3.365 0 0 0-.438-1.276 4.794 4.794 0 0 0-.443-.667l-.036-.057a.417.417 0 0 1 .026-.531.3.3 0 0 1 .464 0c.214.266.396.547.563.839.292.536.495 1.083.547 1.615.026.307 0 .651-.052 1.026zm16.531.157c-.068.188-.266.297-.438.214l-.896-.401a27.695 27.695 0 0 0-10.359-2.786l-1.135-.063h-.063l-.458-.026c-.583-.036-1.172-.068-1.755-.094l.036.078c.234.615.396 1.255.479 1.906.042.453-.036 1.078-.224 1.88l-.203.828a24.99 24.99 0 0 1-.385 1.333l-.026.068v.036c-.068.203-.266.297-.438.229a.42.42 0 0 1-.203-.51v-.026l.042-.078.078-.292c.182-.589.344-1.177.479-1.776.161-.708.229-1.281.203-1.599-.016-.12-.031-.24-.052-.359a7.996 7.996 0 0 0-.521-1.708l-.052-.12-.031-.068-.026-.063c-.12-.271.057-.578.323-.563h.188l.531.042 2.12.104 1.135.083a28.14 28.14 0 0 1 10.573 2.823l.891.401c.172.078.266.307.188.505z"/> </svg></a> </div> </div> </div> </div></p> <p>Chrome is starting an origin trial for adding HTTP headers to the <a href="/privacy-sandbox/cookies/storage-access-api">Storage Access API (SAA)</a> in version 130: <a href="https://developer.chrome.com/origintrials/#/view_trial/4008766618313162753">Storage Access Headers</a>. The new <code translate="no" dir="ltr">Sec-Fetch-Storage-Access</code> request header and <code translate="no" dir="ltr">Activate-Storage-Access</code> response header aim to support non-iframe resources, and improve performance and user experience for websites that rely on embedded content, such as social media widgets, calendars, and interactive tools.</p> <h2 id="javascript_flow_and_its_limitations" data-text="JavaScript flow (and its limitations)" tabindex="-1">JavaScript flow (and its limitations)</h2> <p>Previously, SAA required a <a href="/privacy-sandbox/cookies/storage-access-api#use_requeststorageaccess">JavaScript API call</a> to <code translate="no" dir="ltr">document.requestStorageAccess()</code> on every reload, even if the user has already granted permission. While effective, this method introduces limitations:</p> <ul> <li><strong>Multiple network round trips:</strong> The process often involved several network requests and page reloads before the embedded content could fully function.</li> <li><strong>Iframe dependency:</strong> JavaScript execution mandated the use of iframes or subresources within iframes, limiting flexibility for developers.</li> </ul> <p>For example, a calendar widget from <code translate="no" dir="ltr">calendar.example</code> embedded on <code translate="no" dir="ltr">website.example</code> using only JavaScript would look like this:</p> <ol> <li><strong>Load a placeholder:</strong> <code translate="no" dir="ltr">website.example</code> requests the widget. As the <code translate="no" dir="ltr">calendar.example</code> widget embedded on <code translate="no" dir="ltr">website.example</code> doesn't have access to its unpartitioned cookies, a placeholder widget is rendered instead.</li> <li><strong>Request permission:</strong> The placeholder loads, then calls <code translate="no" dir="ltr">document.requestStorageAccess()</code> to request <code translate="no" dir="ltr">storage-access</code> permission.</li> <li>The user <a href="/privacy-sandbox/cookies/storage-access-api#permission-prompts">chooses</a> to grant <a href="/privacy-sandbox/cookies/storage-access-api#use_the_storage-access_permission_query">permission</a>.</li> <li><strong>Reload the widget:</strong> The widget refreshes, this time with cookie access, and finally loads the personalized content.</li> <li>Each time the user visits a site embedding the <code translate="no" dir="ltr">calendar.example</code> widget again, the flow looks exactly the same as in steps <strong>1, 2</strong>, and <strong>4</strong>; the only simplification is that the user does not need to re-grant access.</li> </ol> <p>This flow is inefficient: if the user has already granted storage permission, the initial iframe load, the <code translate="no" dir="ltr">document.requestStorageAccess()</code> call, and the subsequent reload become unnecessary, and create latency.</p> <h2 id="the_new_flow_with_http_headers" data-text="The new flow with HTTP Headers" tabindex="-1">The new flow with HTTP Headers</h2> <p>The new Storage Access Headers enable more efficient loading of embedded content, including non-iframe resources.</p> <p>With Storage Access Headers, the browser will automatically fetch resources with the <code translate="no" dir="ltr">Sec-Fetch-Storage-Access: inactive</code> request header set if the user has already granted permission. No developer action is required to set the request header. The server can <a href="#server-side">respond</a> with the <code translate="no" dir="ltr">Activate-Storage-Access: retry; allowed-origin="<origin>"</code> header, and the browser will retry the request with the necessary credentials.</p> <aside class="special"><strong>Important:</strong><span> This update doesn't change the initial permission request process. Websites still need to embed an iframe calling <code translate="no" dir="ltr">document.requestStorageAccess()</code> to request user permission if the permission hasn't yet been granted.</span></aside> <h3 id="request_header" data-text="Request Header" tabindex="-1">Request Header</h3> <pre class="prettyprint lang-JavaScript" translate="no" dir="ltr"><code translate="no" dir="ltr">Sec-Fetch-Storage-Access: <access-status> </code></pre> <p>When a user visits a page that embeds cross-site content, the browser will automatically include the <code translate="no" dir="ltr">Sec-Fetch-Storage-Access</code> header in cross-site requests that might require credentials (like cookies). This header indicates the embed's cookie access permission status. Here's how to interpret its values:</p> <ul> <li><code translate="no" dir="ltr">none</code>: the embed doesn't have the <code translate="no" dir="ltr">storage-access</code> permission, and therefore doesn't have access to unpartitioned cookies.</li> <li><code translate="no" dir="ltr">inactive</code>: the embed has the <code translate="no" dir="ltr">storage-access</code> permission, but has not opted into using it. The embed does not have unpartitioned cookie access.</li> <li><code translate="no" dir="ltr">active</code>: the embed has unpartitioned cookie access. This value will be included on any cross-origin requests that have access to unpartitioned cookies.</li> </ul> <h3 id="response_headers" data-text="Response Headers" tabindex="-1">Response Headers</h3> <pre class="prettyprint lang-JavaScript" translate="no" dir="ltr"><code translate="no" dir="ltr">Activate-Storage-Access: <retry-or-reload> </code></pre> <p>The <code translate="no" dir="ltr">Activate-Storage-Access</code> header instructs the browser to either retry the request with cookies or load the resource directly with SAA activated. The header can have the following values:</p> <ul> <li><code translate="no" dir="ltr">load</code>: instructs the browser to grant the embedder access to unpartitioned cookies for the requested resource.</li> <li><code translate="no" dir="ltr">retry</code>: the server responds that the browser should activate the storage-access permission, then retry the request.</li> </ul> <aside class="special"><strong>Important:</strong><span> When using <code translate="no" dir="ltr">retry</code>, your response must also include the <code translate="no" dir="ltr">allowed-origin</code> parameter to give an origin permission to send credentialed requests to your server. Additionally, the initial request must have included the Sec-Fetch-Storage-Access: inactive header.</span></aside><pre class="prettyprint lang-JavaScript" translate="no" dir="ltr"><code translate="no" dir="ltr">Activate-Storage-Access: retry; allowed-origin="https://site.example" Activate-Storage-Access: retry; allowed-origin=* Activate-Storage-Access: load </code></pre> <h3 id="support_for_non-iframe_resources" data-text="Support for non-iframe resources" tabindex="-1">Support for non-iframe resources</h3> <p>The Storage Access Headers update enables SAA for non-iframe embedded content, like images hosted on a different domain. Previously, no web platform API allowed loading such resources with credentials in browsers if third-party cookies are unavailable. For example, your <code translate="no" dir="ltr">embedding-site.example</code> can request an image:</p> <pre class="prettyprint lang-JavaScript" translate="no" dir="ltr"><code translate="no" dir="ltr"> <img src="https://server.example/image"/> </code></pre> <p>And the server can respond with content or an error, depending on whether a cookie is available:</p> <pre class="prettyprint lang-JavaScript" translate="no" dir="ltr"><code translate="no" dir="ltr">app.get('/image', (req, res) => { const headers = req.headers; const cookieHeader = headers.cookie; // Check if the embed has the necessary cookie access if (!cookieHeader || !cookieHeader.includes('foo')) { // If the cookie is not present, check if the browser supports Storage Access headers if ( 'sec-fetch-storage-access' in headers && headers['sec-fetch-storage-access'] == 'inactive' ) { // If the browser supports Storage Access API, retry the request with storage access enabled res.setHeader('Activate-Storage-Access', 'retry; allowed-origin="https://embedding-site.example"'); } res.status(401).send('No cookie!'); } else { // If the cookie is available, check if the user is authorized to access the image if (!check_authorization(cookieHeader)) { return res.status(401).send('Unauthorized!'); } // If the user is authorized, respond with the image file res.sendFile("path/to/image.jpeg"); } }); </code></pre> <p>If the cookie is not available, the server checks the value of the <code translate="no" dir="ltr">Sec-Fetch-Storage-Access</code> request header. If this value is set to <code translate="no" dir="ltr">inactive</code>, the server responds with the <code translate="no" dir="ltr">Activate-Storage-Access: retry</code> header, indicating that the request should be retried with storage access. If there is no cookie and the <code translate="no" dir="ltr">Sec-Fetch-Storage-Access</code> header does not have the value inactive, the image won't load.</p> <aside class="note"><strong>Note:</strong><span> You can use the <code translate="no" dir="ltr">Activate-Storage-Access: retry</code> header for non-iframe resources without using <code translate="no" dir="ltr">Activate-Storage-Access: load</code> subsequently. The <code translate="no" dir="ltr">load</code> response header is intended for iframes, and is equivalent to executing <code translate="no" dir="ltr">await document.requestStorageAccess()</code> and reloading the window. Using the <code translate="no" dir="ltr">load</code> response header, the iframe is only fetched and loaded once.</span></aside> <h3 id="http_header_flow" data-text="HTTP Header flow" tabindex="-1">HTTP Header flow</h3> <p>With HTTP headers, the browser can recognize when the user has already granted storage-access permission to the widget, and load the iframe with access to unpartitioned cookies during subsequent visits.</p> <p>With Storage Access Headers, the subsequent pages visits will trigger the following flow:</p> <ol> <li>The user visits <code translate="no" dir="ltr">website.example</code> that has the <code translate="no" dir="ltr">calendar.example</code> embedded again. This fetch doesn't yet have access to the cookie, as before. However, the user has previously granted <code translate="no" dir="ltr">storage-access</code> permission, and the fetch includes a <code translate="no" dir="ltr">Sec-Fetch-Storage-Access: inactive</code> header, to indicate that unpartitioned cookie access is available but not in use.</li> <li>The <code translate="no" dir="ltr">calendar.example</code> server responds with a <code translate="no" dir="ltr">Activate-Storage-Access: retry; allowed-origin="<origin>"</code> header (in this case, <code translate="no" dir="ltr"><origin></code> would be <code translate="no" dir="ltr">https://website.example</code>), to indicate that the resource fetch requires the use of unpartitioned cookies with the storage-access permission.</li> <li>The browser retries the request, this time including unpartitioned cookies (activating the <code translate="no" dir="ltr">storage-access</code> permission for this fetch).</li> <li>The <code translate="no" dir="ltr">calendar.example</code> server responds with the personalized iframe content. The response includes a <code translate="no" dir="ltr">Activate-Storage-Access: load</code> header, to indicate that the browser should load the content with the <code translate="no" dir="ltr">storage-access</code> permission activated (in other words, load with unpartitioned cookie access, as if <code translate="no" dir="ltr">document.requestStorageAccess()</code> had been called).</li> <li>The user agent loads the iframe content with unpartitioned cookie access using the storage-access permission. After this step, the widget can work as expected.</li> </ol> <figure style="max-width:800px; margin:auto;"> <img src="/static/privacy-sandbox/assets/images/blog/storage-access-header-flow-diagram.png" alt="A flowchart illustrating the Storage Access Header flow"> <figcaption>Storage Access Header flow diagram.</figcaption> </figure> <h2 id="update_your_solution" data-text="Update your solution" tabindex="-1">Update your solution</h2> <p>With the Storage Access Headers feature, you may want to update your code in two cases:</p> <ol> <li>You use SAA and want to achieve better performance with header logic.</li> <li>You have a validation or logic that depends on whether the <code translate="no" dir="ltr">Origin</code> header is included in the request on your server.</li> </ol> <h3 id="implement_saa_headers_logic" data-text="Implement SAA headers logic" tabindex="-1">Implement SAA headers logic</h3> <p>In order to use Storage Access Headers in your solution, you need to update your solution. Suppose you're the <code translate="no" dir="ltr">calendar.example</code> owner. For <code translate="no" dir="ltr">website.example</code> to be able to load a personalized <code translate="no" dir="ltr">calendar.example</code> widget, the widget code must have storage access.</p> <h4 id="client_side" data-text="Client side" tabindex="-1">Client side</h4> <p>The Storage Access Headers feature doesn't require any code update on the client side for the existing solutions. Read the documentation to learn how to <a href="/privacy-sandbox/cookies/storage-access-api#using-saa">implement SAA</a>.</p> <h4 id="server-side" data-text="Server side" tabindex="-1">Server side</h4> <p>On the server side, you can use the new headers:</p> <pre class="prettyprint lang-JavaScript" translate="no" dir="ltr"><code translate="no" dir="ltr">app.get('/cookie-access-endpoint', (req, res) => { const storageAccessHeader = req.headers['sec-fetch-storage-access']; if (storageAccessHeader === 'inactive') { // User needs to grant permission, trigger a prompt if (!validate_origin(req.headers.origin)) { res.status(401).send(`${req.headers.origin} is not allowed to send` + ' credentialed requests to this server.'); return; } res.set('Activate-Storage-Access', `retry; allowed-origin="${req.headers.origin}"`); res.status(401).send('This resource requires storage access. Please grant permission.'); } else if (storageAccessHeader === 'active') { // User has granted permission, proceed with access res.set('Activate-Storage-Access', 'load'); // Include the actual iframe content here res.send('This is the content that requires cookie access.'); } else { // Handle other cases (e.g., 'Sec-Fetch-Storage-Access': 'none') } }); </code></pre> <p>Check out the <a href="https://storage-access-api-demo-site-b.glitch.me/">demo</a> to see how this solution works in practice.</p> <h3 id="update_your_origin_header_logic" data-text="Update your Origin header logic" tabindex="-1">Update your Origin header logic</h3> <p>With Storage Access Headers, Chrome sends the <code translate="no" dir="ltr">Origin</code> header in more requests than before. This could affect your server-side logic if it relies on the Origin header only being present for specific types of requests (like those defined by CORS).</p> <p>To avoid potential issues, you need to review your server-side code:</p> <ul> <li>Check for any validation or logic that depends on the presence of the <code translate="no" dir="ltr">Origin</code> header.</li> <li>Update your code to handle the <code translate="no" dir="ltr">Origin</code> header being present in more cases.</li> </ul> <h2 id="key_advantages" data-text="Key advantages" tabindex="-1">Key advantages</h2> <p>Storage Access Headers is a recommended, more performant way to use the SAA. Overall, this change brings several improvements:</p> <ul> <li><strong>Non-iframe embeds support:</strong> Enables SAA for a wider range of resources.</li> <li><strong>Reduced network usage:</strong> Fewer requests and smaller payloads.</li> <li><strong>Lower CPU usage:</strong> Less JavaScript processing.</li> <li><strong>Improved UX:</strong> Eliminates disruptive intermediate loads.</li> </ul> <h2 id="participate_in_the_origin_trial" data-text="Participate in the origin trial" tabindex="-1">Participate in the origin trial</h2> <p>Origin trials allow you to try new features and give feedback on their usability, practicality, and effectiveness. For more information, check out the <a href="https://goo.gle/ot">Get started with origin trials</a>.</p> <p>You can try the Storage Access Headers feature by registering for the origin trials starting from Chrome 130. To participate in the origin trial:</p> <ol> <li>Go to the Storage Access Headers origin trial <a href="https://developer.chrome.com/origintrials/#/view_trial/3400780668618145793">registration page</a>.</li> <li>Follow the <a href="https://developer.chrome.com/docs/web-platform/origin-trials/#take_part_in_an_origin_trial">instructions</a> on origin trial participation.</li> </ol> <h2 id="test_locally" data-text="Test locally" tabindex="-1">Test locally</h2> <p>You can test the Storage Access Headers feature locally to ensure your website is prepared for this change.</p> <p>Follow these steps to configure your Chrome instance:</p> <ol> <li>Enable the chrome flag on <code translate="no" dir="ltr">chrome://flags/#storage-access-headers</code>.</li> <li>Restart Chrome for the changes to take effect.</li> </ol> <h2 id="engage_and_share_feedback" data-text="Engage and share feedback" tabindex="-1">Engage and share feedback</h2> <p>If you have feedback or encounter any problems, you can file an <a href="https://github.com/privacycg/storage-access/issues">issue</a>. You can also learn more about the Storage Access Headers on the <a href="https://github.com/privacycg/storage-access-headers">GitHub explainer</a>.</p> </div> <devsite-thumb-rating position="footer"> </devsite-thumb-rating> <devsite-feedback position="footer" project-name="Privacy Sandbox" product-id="5335444" bucket="" context="" version="t-devsite-webserver-20241114-r00-rc02.464922260396498922" data-label="Send Feedback Button" track-type="feedback" track-name="sendFeedbackLink" track-metadata-position="footer" class="nocontent" disable-product-feedback project-icon="https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo.png" > <button> Send feedback </button> </devsite-feedback> <div class="devsite-floating-action-buttons"> </div> </article> <devsite-content-footer class="nocontent"> <p>Except as otherwise noted, the content of this page is licensed under the <a href="https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 License</a>, and code samples are licensed under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache 2.0 License</a>. For details, see the <a href="https://developers.google.com/site-policies">Google Developers Site Policies</a>. Java is a registered trademark of Oracle and/or its affiliates.</p> <p>Last updated 2024-10-14 UTC.</p> </devsite-content-footer> <devsite-notification > </devsite-notification> <div class="devsite-content-data"> <template class="devsite-thumb-rating-feedback"> <devsite-feedback position="thumb-rating" project-name="Privacy Sandbox" product-id="5335444" bucket="" context="" version="t-devsite-webserver-20241114-r00-rc02.464922260396498922" data-label="Send Feedback Button" track-type="feedback" track-name="sendFeedbackLink" track-metadata-position="thumb-rating" class="nocontent" disable-product-feedback project-icon="https://developers.google.com/static/privacy-sandbox/assets/images/privacy-sandbox-logo.png" > <button> Need to tell us more? </button> </devsite-feedback> </template> <template class="devsite-content-data-template"> [[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-10-14 UTC."],[],[]] </template> </div> </devsite-content> </main> <devsite-footer-promos class="devsite-footer"> </devsite-footer-promos> <devsite-footer-linkboxes class="devsite-footer"> <nav class="devsite-footer-linkboxes nocontent" aria-label="Footer links"> <ul class="devsite-footer-linkboxes-list"> <li class="devsite-footer-linkbox "> <h3 class="devsite-footer-linkbox-heading no-link">Get support</h3> <ul class="devsite-footer-linkbox-list"> <li class="devsite-footer-linkbox-item"> <a href="https://github.com/privacysandbox/privacy-sandbox-dev-support" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 1)" > Ask a question on our GitHub support repo </a> </li> <li class="devsite-footer-linkbox-item"> <a href="https://goo.gle/privacy-sandbox-feedback" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 2)" > Submit project feedback </a> </li> </ul> </li> <li class="devsite-footer-linkbox "> <h3 class="devsite-footer-linkbox-heading no-link">Get updates</h3> <ul class="devsite-footer-linkbox-list"> <li class="devsite-footer-linkbox-item"> <a href="/privacy-sandbox/blog" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 1)" > Developer blog </a> </li> <li class="devsite-footer-linkbox-item"> <a href="https://privacysandbox.com/news/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 2)" > Project news </a> </li> </ul> </li> <li class="devsite-footer-linkbox "> <h3 class="devsite-footer-linkbox-heading no-link">Resources</h3> <ul class="devsite-footer-linkbox-list"> <li class="devsite-footer-linkbox-item"> <a href="https://privacysandbox.com/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 1)" > Project site </a> </li> <li class="devsite-footer-linkbox-item"> <a href="https://privacysandbox.com/open-web/#the-privacy-sandbox-timeline" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 2)" > Privacy Sandbox timeline </a> </li> </ul> </li> <li class="devsite-footer-linkbox "> <h3 class="devsite-footer-linkbox-heading no-link">Tools</h3> <ul class="devsite-footer-linkbox-list"> <li class="devsite-footer-linkbox-item"> <a href="https://goo.gle/psat" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 1)" > Privacy Sandbox Analysis Tool </a> </li> <li class="devsite-footer-linkbox-item"> <a href="https://privacy-sandbox-demos.dev/" class="devsite-footer-linkbox-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Link (index 2)" > Privacy Sandbox demos </a> </li> </ul> </li> </ul> </nav> </devsite-footer-linkboxes> <devsite-footer-utility class="devsite-footer"> <div class="devsite-footer-utility nocontent"> <nav class="devsite-footer-sites" aria-label="Other Google Developers websites"> <a href="https://developers.google.com/" class="devsite-footer-sites-logo-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Google Developers Link"> <picture> <img class="devsite-footer-sites-logo" src="https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625/developers/images/lockup-google-for-developers.svg" loading="lazy" alt="Google Developers"> </picture> </a> <ul class="devsite-footer-sites-list"> <li class="devsite-footer-sites-item"> <a href="//developer.android.com" class="devsite-footer-sites-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Android Link" > Android </a> </li> <li class="devsite-footer-sites-item"> <a href="//developer.chrome.com/home" class="devsite-footer-sites-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Chrome Link" > Chrome </a> </li> <li class="devsite-footer-sites-item"> <a href="//firebase.google.com" class="devsite-footer-sites-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Firebase Link" > Firebase </a> </li> <li class="devsite-footer-sites-item"> <a href="//cloud.google.com" class="devsite-footer-sites-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Google Cloud Platform Link" > Google Cloud Platform </a> </li> <li class="devsite-footer-sites-item"> <a href="//ai.google.dev/" class="devsite-footer-sites-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer Google AI Link" > Google AI </a> </li> <li class="devsite-footer-sites-item"> <a href="/products" class="devsite-footer-sites-link gc-analytics-event" data-category="Site-Wide Custom Events" data-label="Footer All products Link" > All products </a> </li> </ul> </nav> <nav class="devsite-footer-utility-links" aria-label="Utility links"> <ul class="devsite-footer-utility-list"> <li class="devsite-footer-utility-item "> <a class="devsite-footer-utility-link gc-analytics-event" href="/terms/site-terms" data-category="Site-Wide Custom Events" data-label="Footer Terms link" > Terms </a> </li> <li class="devsite-footer-utility-item "> <a class="devsite-footer-utility-link gc-analytics-event" href="//policies.google.com/privacy" data-category="Site-Wide Custom Events" data-label="Footer Privacy link" > Privacy </a> </li> <li class="devsite-footer-utility-item glue-cookie-notification-bar-control"> <a class="devsite-footer-utility-link gc-analytics-event" href="#" data-category="Site-Wide Custom Events" data-label="Footer Manage cookies link" aria-hidden="true" > Manage cookies </a> </li> <li class="devsite-footer-utility-item devsite-footer-utility-button"> <span class="devsite-footer-utility-description">Sign up for the Google for Developers newsletter</span> <a class="devsite-footer-utility-link gc-analytics-event" href="/newsletter/subscribe" data-category="Site-Wide Custom Events" data-label="Footer Subscribe link" > Subscribe </a> </li> </ul> <devsite-language-selector> <ul role="presentation"> <li role="presentation"> <a role="menuitem" lang="en" >English</a> </li> <li role="presentation"> <a role="menuitem" lang="de" >Deutsch</a> </li> <li role="presentation"> <a role="menuitem" lang="es" >Español</a> </li> <li role="presentation"> <a role="menuitem" lang="es_419" >Español – América Latina</a> </li> <li role="presentation"> <a role="menuitem" lang="fr" >Français</a> </li> <li role="presentation"> <a role="menuitem" lang="id" >Indonesia</a> </li> <li role="presentation"> <a role="menuitem" lang="it" >Italiano</a> </li> <li role="presentation"> <a role="menuitem" lang="pl" >Polski</a> </li> <li role="presentation"> <a role="menuitem" lang="pt_br" >Português – Brasil</a> </li> <li role="presentation"> <a role="menuitem" lang="vi" >Tiếng Việt</a> </li> <li role="presentation"> <a role="menuitem" lang="tr" >Türkçe</a> </li> <li role="presentation"> <a role="menuitem" lang="ru" >Русский</a> </li> <li role="presentation"> <a role="menuitem" lang="he" >עברית</a> </li> <li role="presentation"> <a role="menuitem" lang="ar" >العربيّة</a> </li> <li role="presentation"> <a role="menuitem" lang="fa" >فارسی</a> </li> <li role="presentation"> <a role="menuitem" lang="hi" >हिंदी</a> </li> <li role="presentation"> <a role="menuitem" lang="bn" >বাংলা</a> </li> <li role="presentation"> <a role="menuitem" lang="th" >ภาษาไทย</a> </li> <li role="presentation"> <a role="menuitem" lang="zh_cn" >中文 – 简体</a> </li> <li role="presentation"> <a role="menuitem" lang="zh_tw" >中文 – 繁體</a> </li> <li role="presentation"> <a role="menuitem" lang="ja" >日本語</a> </li> <li role="presentation"> <a role="menuitem" lang="ko" >한국어</a> </li> </ul> </devsite-language-selector> </nav> </div> </devsite-footer-utility> <devsite-panel></devsite-panel> <devsite-concierge data-info-panel data-ai-panel data-api-explorer-panel > </devsite-concierge> </section></section> <devsite-sitemask></devsite-sitemask> <devsite-snackbar></devsite-snackbar> <devsite-tooltip ></devsite-tooltip> <devsite-heading-link></devsite-heading-link> <devsite-analytics> <script type="application/json" analytics>[{"dimensions": {"dimension3": false, "dimension11": false, "dimension6": "en", "dimension4": "Privacy Sandbox", "dimension1": "Signed out", "dimension5": "en"}, "gaid": "UA-24532603-1", "metrics": {"ratings_count": "metric2", "ratings_value": "metric1"}, "purpose": 1}]</script> <script type="application/json" tag-management>{"at": "True", "ga4": [{"id": "G-272J68FCRF", "purpose": 1}], "ga4p": [{"id": "G-272J68FCRF", "purpose": 1}], "gtm": [{"id": "GTM-WPJH8HP6", "purpose": 0}], "parameters": {"internalUser": "False", "language": {"machineTranslated": "False", "requested": "en", "served": "en"}, "pageType": "blog", "projectName": "Privacy Sandbox", "signedIn": "False", "tenant": "developers", "recommendations": {"sourcePage": "", "sourceType": 0, "sourceRank": 0, "sourceIdenticalDescriptions": 0, "sourceTitleWords": 0, "sourceDescriptionWords": 0, "experiment": ""}, "experiment": {"ids": ""}}}</script> </devsite-analytics> <devsite-badger></devsite-badger> <script nonce="fwfhSQw7MHSBM0muXqbRqEg5h6k9gH"> (function(d,e,v,s,i,t,E){d['GoogleDevelopersObject']=i; t=e.createElement(v);t.async=1;t.src=s;E=e.getElementsByTagName(v)[0]; E.parentNode.insertBefore(t,E);})(window, document, 'script', 'https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625/developers/js/app_loader.js', '[1,"en",null,"/js/devsite_app_module.js","https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625","https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625/developers","https://developers-dot-devsite-v2-prod.appspot.com",null,null,["/_pwa/developers/manifest.json","https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625/images/video-placeholder.svg","https://www.gstatic.com/devrel-devsite/prod/v870e399c64f7c43c99a3043db4b3a74327bb93d0914e84a0c3dba90bbfd67625/developers/images/favicon-new.png","https://fonts.googleapis.com/css?family=Google+Sans:400,500|Roboto:400,400italic,500,500italic,700,700italic|Roboto+Mono:400,500,700&display=swap"],1,null,[1,6,8,12,14,17,21,25,50,52,63,70,75,76,80,87,91,92,93,97,98,100,101,102,103,104,105,107,108,109,110,112,113,117,118,120,122,124,125,126,127,129,130,131,132,133,134,135,136,138,140,141,147,148,149,151,152,156,157,158,159,161,163,164,168,169,170,179,180,182,183,186,191,193,196],"AIzaSyAP-jjEJBzmIyKR4F-3XITp8yM9T1gEEI8","AIzaSyB6xiKGDR5O3Ak2okS4rLkauxGUG7XP0hg","developers.google.com","AIzaSyAQk0fBONSGUqCNznf6Krs82Ap1-NV6J4o","AIzaSyCCxcqdrZ_7QMeLCRY20bh_SXdAYqy70KY",null,null,null,["MiscFeatureFlags__enable_view_transitions","Cloud__enable_cloudx_ping","Profiles__enable_complete_playlist_endpoint","Search__enable_suggestions_from_borg","Profiles__enable_profile_collections","MiscFeatureFlags__emergency_css","Profiles__enable_developer_profiles_callout","Search__enable_dynamic_content_confidential_banner","MiscFeatureFlags__enable_firebase_utm","TpcFeatures__enable_mirror_tenant_redirects","MiscFeatureFlags__developers_footer_dark_image","TpcFeatures__enable_required_headers","Cloud__enable_free_trial_server_call","Profiles__enable_completecodelab_endpoint","Cloud__enable_legacy_calculator_redirect","Profiles__enable_dashboard_curated_recommendations","Significatio__enable_by_tenant","Cloud__enable_cloud_dlp_service","CloudShell__cloud_code_overflow_menu","Concierge__enable_concierge_restricted","Cloud__enable_cloud_shell","Profiles__enable_awarding_url","Cloud__enable_llm_concierge_chat","MiscFeatureFlags__enable_variable_operator","Profiles__enable_public_developer_profiles","DevPro__enable_cloud_innovators_plus","MiscFeatureFlags__developers_footer_image","Cloud__enable_cloudx_experiment_ids","Cloud__enable_cloud_shell_fte_user_flow","Analytics__enable_clearcut_logging","Cloud__enable_cloud_facet_chat","Search__enable_page_map","Profiles__enable_release_notes_notifications","Search__enable_ai_search_summaries_restricted","BookNav__enable_tenant_cache_key","Concierge__enable_concierge","Profiles__enable_recognition_badges","MiscFeatureFlags__enable_explain_this_code","EngEduTelemetry__enable_engedu_telemetry","Search__enable_ai_search_summaries","CloudShell__cloud_shell_button","Profiles__require_profile_eligibility_for_signin","Experiments__reqs_query_experiments","Search__enable_ai_eligibility_checks","Profiles__enable_page_saving","Concierge__enable_pushui","MiscFeatureFlags__enable_project_variables","DevPro__enable_developer_subscriptions"],null,null,"AIzaSyBLEMok-5suZ67qRPzx0qUtbnLmyT_kCVE","https://developerscontentserving-pa.clients6.google.com","AIzaSyCM4QpTRSqP5qI4Dvjt4OAScIN8sOUlO-k","https://developerscontentsearch-pa.clients6.google.com",1,4,null,"https://developerprofiles-pa.clients6.google.com",[1,"developers","Google for Developers","developers.google.com",null,"developers-dot-devsite-v2-prod.appspot.com",null,null,[1,1,[1],null,null,null,null,null,null,null,null,[1],null,null,null,null,null,null,[1],[1,null,null,[1,20],"/recommendations/information"],null,null,null,[1,1,1],[1,1,null,1,1]],null,[null,null,null,null,null,null,"/images/lockup-new.svg","/images/touchicon-180-new.png",null,null,null,null,1,null,null,null,null,null,null,null,null,1,null,null,null,"/images/lockup-dark-theme-new.svg",[]],[],null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,[6,1,14,15,20,22,23,29,32,36],null,[[null,null,null,[3,7,10,2,39,17,4,32,24,11,12,13,34,15,25],null,null,[1,[["docType","Choose a content type",[["Tutorial",null,null,null,null,null,null,null,null,"Tutorial"],["Guide",null,null,null,null,null,null,null,null,"Guide"],["Sample",null,null,null,null,null,null,null,null,"Sample"]]],["product","Choose a product",[["Android",null,null,null,null,null,null,null,null,"Android"],["ARCore",null,null,null,null,null,null,null,null,"ARCore"],["ChromeOS",null,null,null,null,null,null,null,null,"ChromeOS"],["Firebase",null,null,null,null,null,null,null,null,"Firebase"],["Flutter",null,null,null,null,null,null,null,null,"Flutter"],["Assistant",null,null,null,null,null,null,null,null,"Google Assistant"],["GoogleCloud",null,null,null,null,null,null,null,null,"Google Cloud"],["GoogleMapsPlatform",null,null,null,null,null,null,null,null,"Google Maps Platform"],["GooglePay",null,null,null,null,null,null,null,null,"Google Pay & Google Wallet"],["GooglePlay",null,null,null,null,null,null,null,null,"Google Play"],["Tensorflow",null,null,null,null,null,null,null,null,"TensorFlow"]]],["category","Choose a topic",[["AiAndMachineLearning",null,null,null,null,null,null,null,null,"AI and Machine Learning"],["Data",null,null,null,null,null,null,null,null,"Data"],["Enterprise",null,null,null,null,null,null,null,null,"Enterprise"],["Gaming",null,null,null,null,null,null,null,null,"Gaming"],["Mobile",null,null,null,null,null,null,null,null,"Mobile"],["Web",null,null,null,null,null,null,null,null,"Web"]]]]]],[1,1],null,1],[[["UA-24532603-1"],["UA-22084204-5"],null,null,["UA-24532603-5"],null,null,[["G-272J68FCRF"],null,null,[["G-272J68FCRF",2]]],[["UA-24532603-1",2]],null,[["UA-24532603-5",2]],null,1],[[4,3],[14,11],[15,12],[3,2],[5,4],[1,1],[13,10],[12,9],[6,5],[16,13],[11,8]],[[1,1],[2,2]]],null,4,null,null,null,null,null,null,null,null,null,null,null,null,null,"developers.devsite.google"],null,"pk_live_5170syrHvgGVmSx9sBrnWtA5luvk9BwnVcvIi7HizpwauFG96WedXsuXh790rtij9AmGllqPtMLfhe2RSwD6Pn38V00uBCydV4m"]') </script> <devsite-a11y-announce></devsite-a11y-announce> </body> </html>

CINXE.COM

Origin trial for HTTP header support in Storage Access | Privacy Sandbox | Google for Developers