CINXE.COM

Saying goodbye to third-party cookies in 2024 | MDN Blog

<!doctype html><html lang="en-US" prefix="og: https://ogp.me/ns#"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="https://developer.mozilla.org/favicon-48x48.bc390275e955dacb2e65.png"/><link rel="apple-touch-icon" href="https://developer.mozilla.org/apple-touch-icon.528534bba673c38049c2.png"/><meta name="theme-color" content="#ffffff"/><link rel="manifest" href="https://developer.mozilla.org/manifest.f42880861b394dd4dc9b.json"/><link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="MDN Web Docs"/><title>Saying goodbye to third-party cookies in 2024 | MDN Blog</title><link rel="preload" as="font" type="font/woff2" href="/static/media/Inter.var.c2fe3cb2b7c746f7966a.woff2" crossorigin=""/><link rel="alternate" type="application/rss+xml" title="MDN Blog RSS Feed" href="https://developer.mozilla.org/en-US/blog/rss.xml" hrefLang="en"/><meta name="description" content="The tail end of 2023 welcomes positive news for web privacy, as Chrome announces it is to join Firefox and Safari in deprecating third-party cookies in 2024. Find out more details about these changes, and what they mean for web developers."/><meta property="og:url" content="https://developer.mozilla.org/en-US/blog/goodbye-third-party-cookies/"/><meta property="og:title" content="Saying goodbye to third-party cookies in 2024 | MDN Blog"/><meta property="og:type" content="website"/><meta property="og:locale" content="en_US"/><meta property="og:description" content="The tail end of 2023 welcomes positive news for web privacy, as Chrome announces it is to join Firefox and Safari in deprecating third-party cookies in 2024. Find out more details about these changes, and what they mean for web developers."/><meta property="og:image" content="https://developer.mozilla.org/en-US/blog/goodbye-third-party-cookies/third-party-cookies-featured.png"/><meta property="og:image:type" content="image/png"/><meta property="og:image:height" content="1080"/><meta property="og:image:width" content="1920"/><meta property="og:image:alt" content="The MDN Web Docs logo, featuring a blue accent color, displayed on a solid black background."/><meta property="og:site_name" content="MDN Web Docs"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:creator" content="MozDevNet"/><link rel="canonical" href="https://developer.mozilla.org/en-US/blog/goodbye-third-party-cookies/"/><style media="print">.article-actions-container,.document-toc-container,.language-menu,.main-menu-toggle,.on-github,.page-footer,.place,.sidebar,.top-banner,.top-navigation-main,ul.prev-next{display:none!important}.main-page-content,.main-page-content pre{padding:2px}.main-page-content pre{border-left-width:2px}</style><script src="/static/js/gtag.js" defer=""></script><script defer="" src="/static/js/main.f565372a.js"></script><link href="/static/css/main.3d9e7a02.css" rel="stylesheet"/></head><body><script>if(document.body.addEventListener("load",(t=>{t.target.classList.contains("interactive")&&t.target.setAttribute("data-readystate","complete")}),{capture:!0}),window&&document.documentElement){const t={light:"#ffffff",dark:"#1b1b1b"};try{const e=window.localStorage.getItem("theme");e&&(document.documentElement.className=e,document.documentElement.style.backgroundColor=t[e]);const o=window.localStorage.getItem("nop");o&&(document.documentElement.dataset.nop=o)}catch(t){console.warn("Unable to read theme from localStorage",t)}}</script><div id="root"><ul id="nav-access" class="a11y-nav"><li><a id="skip-main" href="#content">Skip to main content</a></li><li><a id="skip-search" href="#top-nav-search-input">Skip to search</a></li></ul><div class="page-wrapper standard-page blog"><div class="top-banner loading"><section class="place top container"></section></div><div class="sticky-header-container without-actions"><header class="top-navigation "><div class="container "><div class="top-navigation-wrap"><a href="/en-US/" class="logo" aria-label="MDN homepage"><svg id="mdn-docs-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 361 104.2" style="enable-background:new 0 0 361 104.2" xml:space="preserve" role="img"><title>MDN Web Docs</title><path d="M197.6 73.2h-17.1v-5.5h3.8V51.9c0-3.7-.7-6.3-2.1-7.9-1.4-1.6-3.3-2.3-5.7-2.3-3.2 0-5.6 1.1-7.2 3.4s-2.4 4.6-2.5 6.9v15.6h6v5.5h-17.1v-5.5h3.8V51.9c0-3.8-.7-6.4-2.1-7.9-1.4-1.5-3.3-2.3-5.6-2.3-3.2 0-5.5 1.1-7.2 3.3-1.6 2.2-2.4 4.5-2.5 6.9v15.8h6.9v5.5h-20.2v-5.5h6V42.4h-6.1v-5.6h13.4v6.4c1.2-2.1 2.7-3.8 4.7-5.2 2-1.3 4.4-2 7.3-2s5.3.7 7.5 2.1c2.2 1.4 3.7 3.5 4.5 6.4 1.1-2.5 2.7-4.5 4.9-6.1s4.8-2.4 7.9-2.4c3.5 0 6.5 1.1 8.9 3.3s3.7 5.6 3.7 10.2v18.2h6.1v5.5zm42.5 0h-13.2V66c-1.2 2.2-2.8 4.1-4.9 5.6-2.1 1.6-4.8 2.4-8.3 2.4-4.8 0-8.7-1.6-11.6-4.9-2.9-3.2-4.3-7.7-4.3-13.3 0-5 1.3-9.6 4-13.7 2.6-4.1 6.9-6.2 12.8-6.2s9.8 2.2 12.3 6.5V22.7h-8.6v-5.6h15.8v50.6h6v5.5zm-13.3-16.8V52c-.1-3-1.2-5.5-3.2-7.3s-4.4-2.8-7.2-2.8c-3.6 0-6.3 1.3-8.2 3.9-1.9 2.6-2.8 5.8-2.8 9.6 0 4.1 1 7.3 3 9.5s4.5 3.3 7.4 3.3c3.2 0 5.8-1.3 7.8-3.8 2.1-2.6 3.1-5.3 3.2-8zm61.5 16.8H269v-5.5h6V51.9c0-3.7-.7-6.3-2.2-7.9-1.4-1.6-3.4-2.3-5.7-2.3-3.1 0-5.6 1-7.4 3s-2.8 4.4-2.9 7v15.9h6v5.5h-19.3v-5.5h6V42.4h-6.2v-5.6h13.6V43c2.6-4.6 6.8-6.9 12.7-6.9 3.6 0 6.7 1.1 9.2 3.3s3.7 5.6 3.7 10.2v18.2h6v5.4h-.2z" class="logo-text"></path><path d="M42 .2 13.4 92.3H1.7L30.2.2Zm10.4 0v92.1H42V.2Zm40.3 0L64.2 92.3H52.5L81 .2Zm10.4 0v92.1H92.7V.2Z" class="logo-m"></path><path d="M294 95h67v8.8h-67z" class="logo-_"></path></svg></a><button title="Open main menu" type="button" class="button action has-icon main-menu-toggle" aria-haspopup="menu" aria-label="Open main menu" aria-expanded="false"><span class="button-wrap"><span class="icon icon-menu "></span><span class="visually-hidden">Open main menu</span></span></button></div><div class="top-navigation-main"><nav class="main-nav" aria-label="Main menu"><ul class="main-menu nojs"><li class="top-level-entry-container "><button type="button" id="references-button" class="top-level-entry menu-toggle" aria-controls="references-menu" aria-expanded="false">References</button><a href="/en-US/docs/Web" class="top-level-entry">References</a><ul id="references-menu" class="submenu references hidden inline-submenu-lg" aria-labelledby="references-button"><li class="apis-link-container mobile-only "><a href="/en-US/docs/Web" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Overview / Web Technology</div><p class="submenu-item-description">Web technology reference for developers</p></div></a></li><li class="html-link-container "><a href="/en-US/docs/Web/HTML" class="submenu-item "><div class="submenu-icon html"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTML</div><p class="submenu-item-description">Structure of content on the web</p></div></a></li><li class="css-link-container "><a href="/en-US/docs/Web/CSS" class="submenu-item "><div class="submenu-icon css"></div><div class="submenu-content-container"><div class="submenu-item-heading">CSS</div><p class="submenu-item-description">Code used to describe document style</p></div></a></li><li class="javascript-link-container "><a href="/en-US/docs/Web/JavaScript" class="submenu-item "><div class="submenu-icon javascript"></div><div class="submenu-content-container"><div class="submenu-item-heading">JavaScript</div><p class="submenu-item-description">General-purpose scripting language</p></div></a></li><li class="http-link-container "><a href="/en-US/docs/Web/HTTP" class="submenu-item "><div class="submenu-icon http"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTTP</div><p class="submenu-item-description">Protocol for transmitting web resources</p></div></a></li><li class="apis-link-container "><a href="/en-US/docs/Web/API" class="submenu-item "><div class="submenu-icon apis"></div><div class="submenu-content-container"><div class="submenu-item-heading">Web APIs</div><p class="submenu-item-description">Interfaces for building web applications</p></div></a></li><li class="apis-link-container "><a href="/en-US/docs/Mozilla/Add-ons/WebExtensions" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Web Extensions</div><p class="submenu-item-description">Developing extensions for web browsers</p></div></a></li><li class=" "><a href="/en-US/docs/Web/Accessibility" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Accessibility</div><p class="submenu-item-description">Build web projects usable for all</p></div></a></li><li class="apis-link-container desktop-only "><a href="/en-US/docs/Web" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Web Technology</div><p class="submenu-item-description">Web technology reference for developers</p></div></a></li></ul></li><li class="top-level-entry-container "><button type="button" id="learn-button" class="top-level-entry menu-toggle" aria-controls="learn-menu" aria-expanded="false">Learn</button><a href="/en-US/docs/Learn_web_development" class="top-level-entry">Learn</a><ul id="learn-menu" class="submenu learn hidden inline-submenu-lg" aria-labelledby="learn-button"><li class="apis-link-container mobile-only "><a href="/en-US/docs/Learn_web_development" class="submenu-item "><div class="submenu-icon learn"></div><div class="submenu-content-container"><div class="submenu-item-heading">Overview / MDN Learning Area</div><p class="submenu-item-description">Learn web development</p></div></a></li><li class="apis-link-container desktop-only "><a href="/en-US/docs/Learn_web_development" class="submenu-item "><div class="submenu-icon learn"></div><div class="submenu-content-container"><div class="submenu-item-heading">MDN Learning Area</div><p class="submenu-item-description">Learn web development</p></div></a></li><li class="html-link-container "><a href="/en-US/docs/Learn_web_development/Core/Structuring_content" class="submenu-item "><div class="submenu-icon html"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTML</div><p class="submenu-item-description">Learn to structure web content with HTML</p></div></a></li><li class="css-link-container "><a href="/en-US/docs/Learn_web_development/Core/Styling_basics" class="submenu-item "><div class="submenu-icon css"></div><div class="submenu-content-container"><div class="submenu-item-heading">CSS</div><p class="submenu-item-description">Learn to style content using CSS</p></div></a></li><li class="javascript-link-container "><a href="/en-US/docs/Learn_web_development/Core/Scripting" class="submenu-item "><div class="submenu-icon javascript"></div><div class="submenu-content-container"><div class="submenu-item-heading">JavaScript</div><p class="submenu-item-description">Learn to run scripts in the browser</p></div></a></li><li class=" "><a href="/en-US/docs/Learn_web_development/Core/Accessibility" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Accessibility</div><p class="submenu-item-description">Learn to make the web accessible to all</p></div></a></li></ul></li><li class="top-level-entry-container "><button type="button" id="mdn-plus-button" class="top-level-entry menu-toggle" aria-controls="mdn-plus-menu" aria-expanded="false">Plus</button><a href="/en-US/plus" class="top-level-entry">Plus</a><ul id="mdn-plus-menu" class="submenu mdn-plus hidden inline-submenu-lg" aria-labelledby="mdn-plus-button"><li class=" "><a href="/en-US/plus" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Overview</div><p class="submenu-item-description">A customized MDN experience</p></div></a></li><li class=" "><a href="/en-US/plus/ai-help" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">AI Help</div><p class="submenu-item-description">Get real-time assistance and support</p></div></a></li><li class=" "><a href="/en-US/plus/updates" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Updates</div><p class="submenu-item-description">All browser compatibility updates at a glance</p></div></a></li><li class=" "><a href="/en-US/plus/docs/features/overview" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Documentation</div><p class="submenu-item-description">Learn how to use MDN Plus</p></div></a></li><li class=" "><a href="/en-US/plus/docs/faq" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">FAQ</div><p class="submenu-item-description">Frequently asked questions about MDN Plus</p></div></a></li></ul></li><li class="top-level-entry-container "><a class="top-level-entry menu-link" href="/en-US/curriculum/">Curriculum <sup class="new">New</sup></a></li><li class="top-level-entry-container active"><a class="top-level-entry menu-link" href="/en-US/blog/">Blog</a></li><li class="top-level-entry-container "><button type="button" id="tools-button" class="top-level-entry menu-toggle" aria-controls="tools-menu" aria-expanded="false">Tools</button><ul id="tools-menu" class="submenu tools hidden inline-submenu-lg" aria-labelledby="tools-button"><li class=" "><a href="/en-US/play" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Playground</div><p class="submenu-item-description">Write, test and share your code</p></div></a></li><li class=" "><a href="/en-US/observatory" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTTP Observatory</div><p class="submenu-item-description">Scan a website for free</p></div></a></li><li class=" "><a href="/en-US/plus/ai-help" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">AI Help</div><p class="submenu-item-description">Get real-time assistance and support</p></div></a></li></ul></li></ul></nav><div class="header-search"><form action="/en-US/search" class="search-form search-widget" id="top-nav-search-form" role="search"><label id="top-nav-search-label" for="top-nav-search-input" class="visually-hidden">Search MDN</label><input aria-activedescendant="" aria-autocomplete="list" aria-controls="top-nav-search-menu" aria-expanded="false" aria-labelledby="top-nav-search-label" autoComplete="off" id="top-nav-search-input" role="combobox" type="search" class="search-input-field" name="q" placeholder="   " required="" value=""/><button type="button" class="button action has-icon clear-search-button"><span class="button-wrap"><span class="icon icon-cancel "></span><span class="visually-hidden">Clear search input</span></span></button><button type="submit" class="button action has-icon search-button"><span class="button-wrap"><span class="icon icon-search "></span><span class="visually-hidden">Search</span></span></button><div id="top-nav-search-menu" role="listbox" aria-labelledby="top-nav-search-label"></div></form></div><div class="theme-switcher-menu"><button type="button" class="button action has-icon theme-switcher-menu small" aria-haspopup="menu"><span class="button-wrap"><span class="icon icon-theme-os-default "></span>Theme</span></button></div><ul class="auth-container"><li><a href="/users/fxa/login/authenticate/?next=%2Fen-US%2Fblog%2Fgoodbye-third-party-cookies%2F" class="login-link" rel="nofollow">Log in</a></li><li><a href="/users/fxa/login/authenticate/?next=%2Fen-US%2Fblog%2Fgoodbye-third-party-cookies%2F" target="_self" rel="nofollow" class="button primary mdn-plus-subscribe-link"><span class="button-wrap">Sign up for free</span></a></li></ul></div></div></header></div><main class="blog-post-container container"><div class="sidebar-container toc-container"><aside class="toc"><nav><div class="document-toc-container"><section class="document-toc"><header><h2 class="document-toc-heading">In this article</h2></header><ul class="document-toc-list"><li class="document-toc-item "><a class="document-toc-link" href="#the_problem_with_cookies">The problem with cookies</a></li><li class="document-toc-item "><a class="document-toc-link" href="#how_browsers_have_responded_to_this">How browsers have responded to this</a></li><li class="document-toc-item "><a class="document-toc-link" href="#how_this_affects_web_developers">How this affects web developers</a></li><li class="document-toc-item "><a class="document-toc-link" href="#summary">Summary</a></li></ul></section></div></nav></aside><section class="place side"></section></div><article class="blog-post blog-container main-page-content" lang="en-US"><figure class="blog-image"><img alt="Saying goodbye to third-party cookies in 2024 title. A vibrant gradient behind artwork of a cookie and a web browser." src="./third-party-cookies-featured.png" height="420" width="800"/></figure><h1>Saying goodbye to third-party cookies in 2024</h1><div class="date-author"><a href="https://millsdocs.com/" class="external author" target="_blank" rel="noreferrer"><img src="/en-US/blog/author/chris-mills/avatar.jpg" alt="Author avatar"/>Chris Mills</a><time class="date">December 8, 2023</time><span class="read-time">8<!-- --> minute read</span></div><div class="section-content"><p>The tail end of 2023 welcomes positive news for web privacy, as Chrome announces it is to join Firefox and Safari in deprecating third-party cookies in 2024 — starting with 1% of users from Q1 2024 to facilitate testing and ramping up from there.</p> <p>This article explains the issues behind third-party cookies, what has been done already to mitigate those issues, Chrome's plans to disable them starting in Q1 2024, and how this all affects web developers and the users of their products.</p></div><section aria-labelledby="the_problem_with_cookies"><h2 id="the_problem_with_cookies"><a href="#the_problem_with_cookies">The problem with cookies</a></h2><div class="section-content"><p>Cookies have been around for a very long time on the web. In a nutshell, the idea is that a site can set a cookie on a user's browser via the <a href="/en-US/docs/Web/HTTP/Headers/Set-Cookie"><code>Set-Cookie</code></a> response header once a resource has been requested. This cookie can contain whatever data strings the site owners wish, and is generally used to provide state to websites.</p> <p>For example, a cookie allows websites to retrieve information such as whether the user previously logged in, what they added to their shopping cart, their theme preferences and other personalization settings, saved game state, etc.</p> <div class="notecard note"> <p><strong>Note:</strong> Cookies used to be the primary method of storing client-side site data, although now more useful technologies exist for that purpose such as <a href="/en-US/docs/Web/API/Web_Storage_API">Web Storage</a> and <a href="/en-US/docs/Web/API/IndexedDB_API">IndexedDB</a>.</p> </div> <p>The above use cases can all be achieved with cookies set for documents existing on the same domain as the URL loaded in the browser. These are referred to as <em>first party cookies</em>.</p> <p>Problems can arise when cookies are set for components that exist on different domains than the embedding document, such as images, or other documents embedded via <a href="/en-US/docs/Web/HTML/Element/iframe"><code>&lt;iframe&gt;</code></a>s. These cross-site cookies are commonly referred to as <em>third-party cookies</em>—but the behavior and potential issues are the same whether you own all the involved sites or not.</p> <p>Third-party components can store information in their cookies from any and all documents they are embedded in. The originating third-party domain can then get access to all those third-party cookies, aggregating information from each one. This may sound harmless at first, and there are many legitimate uses of third-party cookies — for example a company might want to share user login state and profile information across multiple sites that it owns that are on different domains, or record analytics across its different properties to investigate user journeys and build more usable experiences. An ad tech company might want to infer user interests from the sites they visit to serve them more relevant ads.</p> <p>However, in the worst cases, third-party cookies are used to track users around the web, building up a detailed profile of them that could include not only interests but also deeply personal information such as gender, sexuality, religion, political affiliation, etc. This information can be used to build creepy, invasive online experiences and is also sold to other third parties. In such cases, they are referred to as <em>tracking cookies</em>.</p> <p>Legislation such as the <a href="https://en.wikipedia.org/wiki/General_Data_Protection_Regulation" class="external" target="_blank">General Data Privacy Regulation</a> (GDPR) in the European Union and the <a href="https://www.oag.ca.gov/privacy/ccpa" class="external" target="_blank">California Consumer Privacy Act</a> (CCPA) have helped by making it a legal requirement for companies to be transparent about the cookies they set and the information they collect, for example by asking customers to opt in to such data collection, allowing them to see what data a company hold on them, and allowing them to delete it if they wish. However, it is still not always crystal clear to customers how their data is being used.</p></div></section><section aria-labelledby="how_browsers_have_responded_to_this"><h2 id="how_browsers_have_responded_to_this"><a href="#how_browsers_have_responded_to_this">How browsers have responded to this</a></h2><div class="section-content"><p>Browser vendors such as Mozilla and Apple provide general defaults that block third-party cookies, while also including exceptions and heuristics in their source code to work around long-standing third-party cookie issues with popular websites.</p> <p>For example:</p> <ul> <li>Mozilla's <a href="https://wiki.mozilla.org/Security/Anti_tracking_policy" class="external" target="_blank">Anti-tracking policy</a> has led to Firefox blocking third-party cookies from known trackers by default (see <a href="/en-US/docs/Web/Privacy/Firefox_tracking_protection">Firefox tracking protection</a> and <a href="https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop" class="external" target="_blank">Enhanced Tracking Protection</a>). Enhanced Tracking Protection can be set to Standard, Strict, or Custom. <a href="https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_standard-enhanced-tracking-protection" class="external" target="_blank">Standard mode</a> enables <a href="https://blog.mozilla.org/en/products/firefox/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/" class="external" target="_blank">Total Cookie Protection</a>, which gives third-party cookies a separate cookie jar per site, thereby preventing cross-site tracking. In <a href="https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection" class="external" target="_blank">Strict mode</a>, Firefox blocks all third-party cookies.</li> <li>Apple also has a similar <a href="https://webkit.org/tracking-prevention-policy/" class="external" target="_blank">Tracking prevention policy</a>; following this has led to a similar set of third-party cookie protections that are enabled by default; see <a href="https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp" class="external" target="_blank">Intelligent Tracking Prevention</a> (ITP) for details.</li> <li>The <a href="https://brave.com/" class="external" target="_blank">Brave</a> browser also blocks tracking cookies by default.</li> </ul> <p>It is possible to allow usage of third-party cookies on a case-by-case basis in Firefox via browser settings. In Safari however, control is more limited — you can turn off cross-site tracking prevention, but allowing access to third-party cookies per frame can only be done at the code level, via the <a href="/en-US/docs/Web/API/Storage_Access_API">Storage Access API</a>.</p></div></section><section aria-labelledby="googles_longer_game"><h3 id="googles_longer_game"><a href="#googles_longer_game">Google's long(er) game</a></h3><div class="section-content"><p>This brings us on to Google who, from a cursory glance, seem to be slower off the mark than other browsers with regards to third-party cookie protection. At time of writing, third-party cookies are blocked only when in Incognito mode by default, although users can set Chrome to block third-party cookies all the time if they wish.</p> <div class="notecard note"> <p><strong>Note:</strong> Microsoft Edge also currently does not block third-party cookies by default.</p> </div> <p>Google's seemingly-slow response is a result of its vested interest in the business uses of third-party cookies, which includes advertising by a wide range of different organizations, including Google, as well as third-party authentication services and many other uses besides. Chrome also has a large share of the browser market which amplifies concern about the potential of breaking critical journeys for their user base, for example logging into government services or buying groceries.</p> <p>Rather than quickly going for a blanket disabling option, Google has opted for a more nuanced solution — phasing out third-party cookies more slowly while developing new technologies to ensure that valid use cases have a privacy-focused way forward after third-party cookies are disabled by default, rather than potentially motivating sites to move to more covert forms of tracking or moving content behind sign-ins and paywalls.</p> <p>These new web platform features are collected under the blanket of the <a href="https://developer.chrome.com/privacy-sandbox/" class="external" target="_blank">Privacy Sandbox</a> project, and have already undergone much development and testing. Some now enjoy cross-browser support, for example the <a href="/en-US/docs/Web/API/Storage_Access_API">Storage Access API</a>, paving the way towards better cross-browser consistency in handling cross-site cookies.</p> <p>These features have now reached the point where Google feels that they are mature enough to support their intended use cases, allowing Google to proceed to the step of starting to disable third-party cookies.</p> <p>Chrome will disable third-party cookies for 1% of users from Q1 2024 to facilitate testing, gradually ramping up to 100% of users from Q3 2024. Reaching the 100% figure depends on Google addressing any remaining competition concerns from the UK's <a href="https://www.gov.uk/cma-cases/investigation-into-googles-privacy-sandbox-browser-changes" class="external" target="_blank">Competition and Markets Authority</a> (CMA).</p></div></section><section aria-labelledby="how_this_affects_web_developers"><h2 id="how_this_affects_web_developers"><a href="#how_this_affects_web_developers">How this affects web developers</a></h2><div class="section-content"><p>As a result of this change, web developers may well experience higher volumes of users having broken experiences on their web properties, especially if they directly set third-party cookies, or use third-party services that set third-party cookies.</p> <p>To work around such issues, you are advised to:</p> <ol> <li>Audit your third-party cookie usage. Third party cookies have a <a href="/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value"><code>SameSite=None</code></a> value set; you should therefore be able to identify them by searching for this setting in your browser DevTools, for example in the <a href="https://firefox-source-docs.mozilla.org/devtools-user/storage_inspector/" class="external" target="_blank">Firefox Storage Inspector</a> or the <a href="https://developer.chrome.com/docs/devtools/application/cookies/" class="external" target="_blank">Chrome Application panel</a>.</li> <li>Test functionality that uses third party cookies for breakage. You can set your browser to block third party cookies in its settings. Chrome 118+ also has a flag, <code>chrome://flags/#test-third-party-cookie-phaseout</code>, which when enabled will set Chrome to block third-party cookies and ensure that new functionality and mitigations are active in order to best simulate the state after the phase out. <ul> <li>You should validate if your <code>SameSite=None</code> cookies are really still needed. It's possible that they could have been marked as such to provide a quick fix in the past.</li> </ul> </li> <li>Fix critical functionality that is broken. There are various alternatives that may work for you, for example: <ul> <li>Initially at least, you could make your code more resilient so that it provides a less personalized experience when third party cookie data is not available rather than breaking altogether. Follow the principles of <a href="/en-US/docs/Glossary/Graceful_degradation">graceful degradation</a>.</li> <li>You could choose to gather such data via alternative means, such as user surveys or quizzes, or looking at data you already have such as product order histories to infer trends.</li> <li>If your third-party cookies are only used across a small number of related, known websites, you could use the <a href="/en-US/docs/Web/API/Storage_Access_API">Storage Access API</a> and/or <a href="https://developer.chrome.com/blog/related-website-sets/" class="external" target="_blank">Related Website Sets</a> to allow cross-site cookie access only for those specific sites. Storage Access prompts the user to provide permission for a site to use third party cookies on a per-frame basis. <ul> <li>If you've already implemented a solution using the Storage Access API for Firefox or Safari then this is a good time to check your implementation against Chrome's behavior, which was updated to provide full support in version 119.</li> <li>Related Website Sets can be considered a progressive enhancement of the Storage Access API: The API can be used in just the same way, but sites in the set will not prompt users for permission to access third party cookies.</li> </ul> </li> <li>If your third-party cookies are being used on a 1:1 basis with the top-level sites they are generated on, you could use <a href="/en-US/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies">Cookies Having Independent Partitioned State (CHIPS)</a>, also known as partitioned cookies, to opt your cookies into partitioned storage with a separate cookie jar per top-level site. This only requires adding the <code>partitioned</code> attribute to your existing cross-site cookies. They can then be used in an unrestricted fashion, but they can't be shared with other sites. Note that CHIPS is currently Chromium-only.</li> <li>You can start to explore the different features available in Google's Privacy Sandbox project to see if they fit your use case (these are currently Chromium-only). For example: <ul> <li><a href="/en-US/docs/Web/API/FedCM_API">Federated Credential Management (FedCM) API</a>: Enables federated identity services allowing users to sign in to sites and services.</li> <li><a href="https://developer.chrome.com/docs/privacy-sandbox/private-state-tokens/" class="external" target="_blank">Private State Tokens</a>: Enables anti-fraud and anti-spam by exchanging limited, non-identifying information across sites.</li> <li><a href="https://developer.chrome.com/docs/privacy-sandbox/topics/overview/" class="external" target="_blank">Topics API</a>: Enables interest-based advertising and content personalization.</li> <li><a href="https://developer.chrome.com/docs/privacy-sandbox/protected-audience/" class="external" target="_blank">Protected Audience API</a>: Enables remarketing and custom audiences.</li> <li><a href="https://developer.chrome.com/docs/privacy-sandbox/attribution-reporting/" class="external" target="_blank">Attribution Reporting API</a>: Enables measurement of ad impressions and conversions.</li> </ul> </li> </ul> </li> </ol></div></section><section aria-labelledby="summary"><h2 id="summary"><a href="#summary">Summary</a></h2><div class="section-content"><p>Getting rid of third-party cookies from the web has been a long time coming, and the story is not yet finished. However, Chrome's announcement is a big step towards making it happen. You can help — use the resources above to check whether your sites and apps could migrate away from using third-party cookies using the features available today. Spread the word on this to encourage others to do the same. And give browser vendors feedback on what's still missing.</p> <p>Note: The <code>developer.chrome.com</code> article <a href="https://developer.chrome.com/blog/cookie-countdown-2023oct/" class="external" target="_blank">Preparing for the end of third-party cookies</a> has more information about testing from a Chrome point of view, and how to use privacy sandbox technologies to work around your issues.</p></div></section><section class="previous-next"><a href="/en-US/blog/baseline-evolution-on-mdn/" class="previous"><article><h2><strong>Previous<!-- --> Post</strong> <!-- -->Baseline&#x27;s evolution on MDN</h2></article></a><a href="/en-US/blog/build-ai-powered-apps-openllm-vultr-gpu/" class="next"><article><h2><strong>Next<!-- --> Post</strong> <!-- -->Build AI-powered applications using OpenLLM and Vultr Cloud GPU</h2></article></a></section></article></main></div><footer id="nav-footer" class="page-footer"><div class="page-footer-grid"><div class="page-footer-logo-col"><a href="/" class="mdn-footer-logo" aria-label="MDN homepage"><svg width="48" height="17" viewBox="0 0 48 17" fill="none" xmlns="http://www.w3.org/2000/svg"><title id="mdn-footer-logo-svg">MDN logo</title><path d="M20.04 16.512H15.504V10.416C15.504 9.488 15.344 8.824 15.024 8.424C14.72 8.024 14.264 7.824 13.656 7.824C12.92 7.824 12.384 8.064 12.048 8.544C11.728 9.024 11.568 9.64 11.568 10.392V14.184H13.008V16.512H8.472V10.416C8.472 9.488 8.312 8.824 7.992 8.424C7.688 8.024 7.232 7.824 6.624 7.824C5.872 7.824 5.336 8.064 5.016 8.544C4.696 9.024 4.536 9.64 4.536 10.392V14.184H6.6V16.512H0V14.184H1.44V8.04H0.024V5.688H4.536V7.32C5.224 6.088 6.32 5.472 7.824 5.472C8.608 5.472 9.328 5.664 9.984 6.048C10.64 6.432 11.096 7.016 11.352 7.8C11.992 6.248 13.168 5.472 14.88 5.472C15.856 5.472 16.72 5.776 17.472 6.384C18.224 6.992 18.6 7.936 18.6 9.216V14.184H20.04V16.512Z" fill="currentColor"></path><path d="M33.6714 16.512H29.1354V14.496C28.8314 15.12 28.3834 15.656 27.7914 16.104C27.1994 16.536 26.4154 16.752 25.4394 16.752C24.0154 16.752 22.8954 16.264 22.0794 15.288C21.2634 14.312 20.8554 12.984 20.8554 11.304C20.8554 9.688 21.2554 8.312 22.0554 7.176C22.8554 6.04 24.0634 5.472 25.6794 5.472C26.5594 5.472 27.2794 5.648 27.8394 6C28.3994 6.352 28.8314 6.8 29.1354 7.344V2.352H26.9754V0H32.2314V14.184H33.6714V16.512ZM29.1354 11.04V10.776C29.1354 9.88 28.8954 9.184 28.4154 8.688C27.9514 8.176 27.3674 7.92 26.6634 7.92C25.9754 7.92 25.3674 8.176 24.8394 8.688C24.3274 9.2 24.0714 10.008 24.0714 11.112C24.0714 12.152 24.3114 12.944 24.7914 13.488C25.2714 14.032 25.8394 14.304 26.4954 14.304C27.3114 14.304 27.9514 13.96 28.4154 13.272C28.8954 12.584 29.1354 11.84 29.1354 11.04Z" fill="currentColor"></path><path d="M47.9589 16.512H41.9829V14.184H43.4229V10.416C43.4229 9.488 43.2629 8.824 42.9429 8.424C42.6389 8.024 42.1829 7.824 41.5749 7.824C40.8389 7.824 40.2709 8.056 39.8709 8.52C39.4709 8.968 39.2629 9.56 39.2469 10.296V14.184H40.6869V16.512H34.7109V14.184H36.1509V8.04H34.5909V5.688H39.2469V7.344C39.9669 6.096 41.1269 5.472 42.7269 5.472C43.7509 5.472 44.6389 5.776 45.3909 6.384C46.1429 6.992 46.5189 7.936 46.5189 9.216V14.184H47.9589V16.512Z" fill="currentColor"></path></svg></a><p>Your blueprint for a better internet.</p><ul class="social-icons"><li><a href="https://mastodon.social/@mdn" target="_blank" rel="me noopener noreferrer"><span class="icon icon-mastodon"></span><span class="visually-hidden">MDN on Mastodon</span></a></li><li><a href="https://twitter.com/mozdevnet" target="_blank" rel="noopener noreferrer"><span class="icon icon-twitter-x"></span><span class="visually-hidden">MDN on X (formerly Twitter)</span></a></li><li><a href="https://github.com/mdn/" target="_blank" rel="noopener noreferrer"><span class="icon icon-github-mark-small"></span><span class="visually-hidden">MDN on GitHub</span></a></li><li><a href="/en-US/blog/rss.xml" target="_blank"><span class="icon icon-feed"></span><span class="visually-hidden">MDN Blog RSS Feed</span></a></li></ul></div><div class="page-footer-nav-col-1"><h2 class="footer-nav-heading">MDN</h2><ul class="footer-nav-list"><li class="footer-nav-item"><a href="/en-US/about">About</a></li><li class="footer-nav-item"><a href="/en-US/blog/">Blog</a></li><li class="footer-nav-item"><a href="https://www.mozilla.org/en-US/careers/listings/?team=ProdOps" target="_blank" rel="noopener noreferrer">Careers</a></li><li class="footer-nav-item"><a href="/en-US/advertising">Advertise with us</a></li></ul></div><div class="page-footer-nav-col-2"><h2 class="footer-nav-heading">Support</h2><ul class="footer-nav-list"><li class="footer-nav-item"><a class="footer-nav-link" href="https://support.mozilla.org/products/mdn-plus">Product help</a></li><li class="footer-nav-item"><a class="footer-nav-link" href="/en-US/docs/MDN/Community/Issues">Report an issue</a></li></ul></div><div class="page-footer-nav-col-3"><h2 class="footer-nav-heading">Our communities</h2><ul class="footer-nav-list"><li class="footer-nav-item"><a class="footer-nav-link" href="/en-US/community">MDN Community</a></li><li class="footer-nav-item"><a class="footer-nav-link" href="https://discourse.mozilla.org/c/mdn/236" target="_blank" rel="noopener noreferrer">MDN Forum</a></li><li class="footer-nav-item"><a class="footer-nav-link" href="/discord" target="_blank" rel="noopener noreferrer">MDN Chat</a></li></ul></div><div class="page-footer-nav-col-4"><h2 class="footer-nav-heading">Developers</h2><ul class="footer-nav-list"><li class="footer-nav-item"><a class="footer-nav-link" href="/en-US/docs/Web">Web Technologies</a></li><li class="footer-nav-item"><a class="footer-nav-link" href="/en-US/docs/Learn">Learn Web Development</a></li><li class="footer-nav-item"><a class="footer-nav-link" href="/en-US/plus">MDN Plus</a></li><li class="footer-nav-item"><a href="https://hacks.mozilla.org/" target="_blank" rel="noopener noreferrer">Hacks Blog</a></li></ul></div><div class="page-footer-moz"><a href="https://www.mozilla.org/" class="footer-moz-logo-link" target="_blank" rel="noopener noreferrer"><svg xmlns="http://www.w3.org/2000/svg" width="137" height="32" fill="none" viewBox="0 0 267.431 62.607"><path fill="currentColor" d="m13.913 23.056 5.33 25.356h2.195l5.33-25.356h14.267v38.976h-7.578V29.694h-2.194l-7.264 32.337h-7.343L9.418 29.694H7.223v32.337H-.354V23.056Zm47.137 9.123c9.12 0 14.423 5.385 14.423 15.214s-5.33 15.214-14.423 15.214c-9.12 0-14.423-5.385-14.423-15.214 0-9.855 5.304-15.214 14.423-15.214m0 24.363c4.285 0 6.428-2.196 6.428-7.032v-4.287c0-4.836-2.143-7.032-6.428-7.032s-6.428 2.196-6.428 7.032v4.287c0 4.836 2.143 7.032 6.428 7.032m18.473-.157 15.47-18.01h-15.26v-5.647h24.352v5.646L88.616 56.385h15.704v5.646H79.523Zm29.318-23.657h11.183V62.03h-7.578V38.375h-3.632v-5.646zm3.605-9.672h7.578v5.646h-7.578zm13.17 0h11.21v38.976h-7.578v-33.33h-3.632zm16.801 0H153.6v38.976h-7.577v-33.33h-3.632v-5.646zm29.03 9.123c4.442 0 7.394 2.143 8.231 5.881h2.194v-5.332h9.276v5.646h-3.632v18.011h3.632v5.646h-4.442c-3.135 0-4.834-1.699-4.834-4.836V56.7h-2.194c-.81 3.738-3.789 5.881-8.23 5.881-6.978 0-11.916-5.829-11.916-15.214 0-9.384 4.938-15.187 11.915-15.187m2.3 24.363c4.284 0 6.192-2.196 6.192-7.032v-4.287c0-4.836-1.908-7.032-6.193-7.032-4.18 0-6.193 2.196-6.193 7.032v4.287c0 4.836 2.012 7.032 6.193 7.032m48.34 5.489h-7.577V0h7.577zm6.585-29.643h32.165v-2.196l-21.295-7.634v-6.143l21.295-7.633V6.588h-25.345V0h32.165v12.522l-17.35 5.881V20.6l17.35 5.882v12.521h-38.985zm0-25.801h6.794v6.796h-6.794z"></path></svg></a><ul class="footer-moz-list"><li class="footer-moz-item"><a href="https://www.mozilla.org/privacy/websites/" class="footer-moz-link" target="_blank" rel="noopener noreferrer">Website Privacy Notice</a></li><li class="footer-moz-item"><a href="https://www.mozilla.org/privacy/websites/#cookies" class="footer-moz-link" target="_blank" rel="noopener noreferrer">Cookies</a></li><li class="footer-moz-item"><a href="https://www.mozilla.org/about/legal/terms/mozilla" class="footer-moz-link" target="_blank" rel="noopener noreferrer">Legal</a></li><li class="footer-moz-item"><a href="https://www.mozilla.org/about/governance/policies/participation/" class="footer-moz-link" target="_blank" rel="noopener noreferrer">Community Participation Guidelines</a></li></ul></div><div class="page-footer-legal"><p id="license" class="page-footer-legal-text">Visit<!-- --> <a href="https://www.mozilla.org" target="_blank" rel="noopener noreferrer">Mozilla Corporation’s</a> <!-- -->not-for-profit parent, the<!-- --> <a target="_blank" rel="noopener noreferrer" href="https://foundation.mozilla.org/">Mozilla Foundation</a>.<br/>Portions of this content are ©1998–<!-- -->2025<!-- --> by individual mozilla.org contributors. Content available under<!-- --> <a href="/en-US/docs/MDN/Writing_guidelines/Attrib_copyright_license">a Creative Commons license</a>.</p></div></div></footer></div><script type="application/json" id="hydration">{"url":"/en-US/blog/goodbye-third-party-cookies/","blogMeta":{"slug":"goodbye-third-party-cookies","title":"Saying goodbye to third-party cookies in 2024","description":"The tail end of 2023 welcomes positive news for web privacy, as Chrome announces it is to join Firefox and Safari in deprecating third-party cookies in 2024. Find out more details about these changes, and what they mean for web developers.","image":{"file":"third-party-cookies-featured.png","alt":"Saying goodbye to third-party cookies in 2024 title. A vibrant gradient behind artwork of a cookie and a web browser.","source":null,"creator":null},"keywords":"cookies, browser, \"3rd party\", cross-site, privacy","sponsored":false,"date":"2023-12-08T00:00:00.000Z","author":{"name":"Chris Mills","link":"https://millsdocs.com/","avatar_url":"/en-US/blog/author/chris-mills/avatar.jpg"},"links":{"previous":{"title":"Baseline's evolution on MDN","slug":"baseline-evolution-on-mdn"},"next":{"title":"Build AI-powered applications using OpenLLM and Vultr Cloud GPU","slug":"build-ai-powered-apps-openllm-vultr-gpu"}},"readTime":8},"doc":{"body":[{"type":"prose","value":{"id":null,"title":null,"isH3":false,"content":"<p>The tail end of 2023 welcomes positive news for web privacy, as Chrome announces it is to join Firefox and Safari in deprecating third-party cookies in 2024 — starting with 1% of users from Q1 2024 to facilitate testing and ramping up from there.</p>\n<p>This article explains the issues behind third-party cookies, what has been done already to mitigate those issues, Chrome's plans to disable them starting in Q1 2024, and how this all affects web developers and the users of their products.</p>"}},{"type":"prose","value":{"id":"the_problem_with_cookies","title":"The problem with cookies","isH3":false,"content":"<p>Cookies have been around for a very long time on the web. In a nutshell, the idea is that a site can set a cookie on a user's browser via the <a href=\"/en-US/docs/Web/HTTP/Headers/Set-Cookie\"><code>Set-Cookie</code></a> response header once a resource has been requested. This cookie can contain whatever data strings the site owners wish, and is generally used to provide state to websites.</p>\n<p>For example, a cookie allows websites to retrieve information such as whether the user previously logged in, what they added to their shopping cart, their theme preferences and other personalization settings, saved game state, etc.</p>\n<div class=\"notecard note\">\n<p><strong>Note:</strong> Cookies used to be the primary method of storing client-side site data, although now more useful technologies exist for that purpose such as <a href=\"/en-US/docs/Web/API/Web_Storage_API\">Web Storage</a> and <a href=\"/en-US/docs/Web/API/IndexedDB_API\">IndexedDB</a>.</p>\n</div>\n<p>The above use cases can all be achieved with cookies set for documents existing on the same domain as the URL loaded in the browser. These are referred to as <em>first party cookies</em>.</p>\n<p>Problems can arise when cookies are set for components that exist on different domains than the embedding document, such as images, or other documents embedded via <a href=\"/en-US/docs/Web/HTML/Element/iframe\"><code>&lt;iframe&gt;</code></a>s. These cross-site cookies are commonly referred to as <em>third-party cookies</em>—but the behavior and potential issues are the same whether you own all the involved sites or not.</p>\n<p>Third-party components can store information in their cookies from any and all documents they are embedded in. The originating third-party domain can then get access to all those third-party cookies, aggregating information from each one. This may sound harmless at first, and there are many legitimate uses of third-party cookies — for example a company might want to share user login state and profile information across multiple sites that it owns that are on different domains, or record analytics across its different properties to investigate user journeys and build more usable experiences. An ad tech company might want to infer user interests from the sites they visit to serve them more relevant ads.</p>\n<p>However, in the worst cases, third-party cookies are used to track users around the web, building up a detailed profile of them that could include not only interests but also deeply personal information such as gender, sexuality, religion, political affiliation, etc. This information can be used to build creepy, invasive online experiences and is also sold to other third parties. In such cases, they are referred to as <em>tracking cookies</em>.</p>\n<p>Legislation such as the <a href=\"https://en.wikipedia.org/wiki/General_Data_Protection_Regulation\" class=\"external\" target=\"_blank\">General Data Privacy Regulation</a> (GDPR) in the European Union and the <a href=\"https://www.oag.ca.gov/privacy/ccpa\" class=\"external\" target=\"_blank\">California Consumer Privacy Act</a> (CCPA) have helped by making it a legal requirement for companies to be transparent about the cookies they set and the information they collect, for example by asking customers to opt in to such data collection, allowing them to see what data a company hold on them, and allowing them to delete it if they wish. However, it is still not always crystal clear to customers how their data is being used.</p>"}},{"type":"prose","value":{"id":"how_browsers_have_responded_to_this","title":"How browsers have responded to this","isH3":false,"content":"<p>Browser vendors such as Mozilla and Apple provide general defaults that block third-party cookies, while also including exceptions and heuristics in their source code to work around long-standing third-party cookie issues with popular websites.</p>\n<p>For example:</p>\n<ul>\n<li>Mozilla's <a href=\"https://wiki.mozilla.org/Security/Anti_tracking_policy\" class=\"external\" target=\"_blank\">Anti-tracking policy</a> has led to Firefox blocking third-party cookies from known trackers by default (see <a href=\"/en-US/docs/Web/Privacy/Firefox_tracking_protection\">Firefox tracking protection</a> and <a href=\"https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop\" class=\"external\" target=\"_blank\">Enhanced Tracking Protection</a>). Enhanced Tracking Protection can be set to Standard, Strict, or Custom. <a href=\"https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_standard-enhanced-tracking-protection\" class=\"external\" target=\"_blank\">Standard mode</a> enables <a href=\"https://blog.mozilla.org/en/products/firefox/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/\" class=\"external\" target=\"_blank\">Total Cookie Protection</a>, which gives third-party cookies a separate cookie jar per site, thereby preventing cross-site tracking. In <a href=\"https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection\" class=\"external\" target=\"_blank\">Strict mode</a>, Firefox blocks all third-party cookies.</li>\n<li>Apple also has a similar <a href=\"https://webkit.org/tracking-prevention-policy/\" class=\"external\" target=\"_blank\">Tracking prevention policy</a>; following this has led to a similar set of third-party cookie protections that are enabled by default; see <a href=\"https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp\" class=\"external\" target=\"_blank\">Intelligent Tracking Prevention</a> (ITP) for details.</li>\n<li>The <a href=\"https://brave.com/\" class=\"external\" target=\"_blank\">Brave</a> browser also blocks tracking cookies by default.</li>\n</ul>\n<p>It is possible to allow usage of third-party cookies on a case-by-case basis in Firefox via browser settings. In Safari however, control is more limited — you can turn off cross-site tracking prevention, but allowing access to third-party cookies per frame can only be done at the code level, via the <a href=\"/en-US/docs/Web/API/Storage_Access_API\">Storage Access API</a>.</p>"}},{"type":"prose","value":{"id":"googles_longer_game","title":"Google's long(er) game","isH3":true,"content":"<p>This brings us on to Google who, from a cursory glance, seem to be slower off the mark than other browsers with regards to third-party cookie protection. At time of writing, third-party cookies are blocked only when in Incognito mode by default, although users can set Chrome to block third-party cookies all the time if they wish.</p>\n<div class=\"notecard note\">\n<p><strong>Note:</strong> Microsoft Edge also currently does not block third-party cookies by default.</p>\n</div>\n<p>Google's seemingly-slow response is a result of its vested interest in the business uses of third-party cookies, which includes advertising by a wide range of different organizations, including Google, as well as third-party authentication services and many other uses besides. Chrome also has a large share of the browser market which amplifies concern about the potential of breaking critical journeys for their user base, for example logging into government services or buying groceries.</p>\n<p>Rather than quickly going for a blanket disabling option, Google has opted for a more nuanced solution — phasing out third-party cookies more slowly while developing new technologies to ensure that valid use cases have a privacy-focused way forward after third-party cookies are disabled by default, rather than potentially motivating sites to move to more covert forms of tracking or moving content behind sign-ins and paywalls.</p>\n<p>These new web platform features are collected under the blanket of the <a href=\"https://developer.chrome.com/privacy-sandbox/\" class=\"external\" target=\"_blank\">Privacy Sandbox</a> project, and have already undergone much development and testing. Some now enjoy cross-browser support, for example the <a href=\"/en-US/docs/Web/API/Storage_Access_API\">Storage Access API</a>, paving the way towards better cross-browser consistency in handling cross-site cookies.</p>\n<p>These features have now reached the point where Google feels that they are mature enough to support their intended use cases, allowing Google to proceed to the step of starting to disable third-party cookies.</p>\n<p>Chrome will disable third-party cookies for 1% of users from Q1 2024 to facilitate testing, gradually ramping up to 100% of users from Q3 2024. Reaching the 100% figure depends on Google addressing any remaining competition concerns from the UK's <a href=\"https://www.gov.uk/cma-cases/investigation-into-googles-privacy-sandbox-browser-changes\" class=\"external\" target=\"_blank\">Competition and Markets Authority</a> (CMA).</p>"}},{"type":"prose","value":{"id":"how_this_affects_web_developers","title":"How this affects web developers","isH3":false,"content":"<p>As a result of this change, web developers may well experience higher volumes of users having broken experiences on their web properties, especially if they directly set third-party cookies, or use third-party services that set third-party cookies.</p>\n<p>To work around such issues, you are advised to:</p>\n<ol>\n<li>Audit your third-party cookie usage. Third party cookies have a <a href=\"/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value\"><code>SameSite=None</code></a> value set; you should therefore be able to identify them by searching for this setting in your browser DevTools, for example in the <a href=\"https://firefox-source-docs.mozilla.org/devtools-user/storage_inspector/\" class=\"external\" target=\"_blank\">Firefox Storage Inspector</a> or the <a href=\"https://developer.chrome.com/docs/devtools/application/cookies/\" class=\"external\" target=\"_blank\">Chrome Application panel</a>.</li>\n<li>Test functionality that uses third party cookies for breakage. You can set your browser to block third party cookies in its settings. Chrome 118+ also has a flag, <code>chrome://flags/#test-third-party-cookie-phaseout</code>, which when enabled will set Chrome to block third-party cookies and ensure that new functionality and mitigations are active in order to best simulate the state after the phase out.\n<ul>\n<li>You should validate if your <code>SameSite=None</code> cookies are really still needed. It's possible that they could have been marked as such to provide a quick fix in the past.</li>\n</ul>\n</li>\n<li>Fix critical functionality that is broken. There are various alternatives that may work for you, for example:\n<ul>\n<li>Initially at least, you could make your code more resilient so that it provides a less personalized experience when third party cookie data is not available rather than breaking altogether. Follow the principles of <a href=\"/en-US/docs/Glossary/Graceful_degradation\">graceful degradation</a>.</li>\n<li>You could choose to gather such data via alternative means, such as user surveys or quizzes, or looking at data you already have such as product order histories to infer trends.</li>\n<li>If your third-party cookies are only used across a small number of related, known websites, you could use the <a href=\"/en-US/docs/Web/API/Storage_Access_API\">Storage Access API</a> and/or <a href=\"https://developer.chrome.com/blog/related-website-sets/\" class=\"external\" target=\"_blank\">Related Website Sets</a> to allow cross-site cookie access only for those specific sites. Storage Access prompts the user to provide permission for a site to use third party cookies on a per-frame basis.\n<ul>\n<li>If you've already implemented a solution using the Storage Access API for Firefox or Safari then this is a good time to check your implementation against Chrome's behavior, which was updated to provide full support in version 119.</li>\n<li>Related Website Sets can be considered a progressive enhancement of the Storage Access API: The API can be used in just the same way, but sites in the set will not prompt users for permission to access third party cookies.</li>\n</ul>\n</li>\n<li>If your third-party cookies are being used on a 1:1 basis with the top-level sites they are generated on, you could use <a href=\"/en-US/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies\">Cookies Having Independent Partitioned State (CHIPS)</a>, also known as partitioned cookies, to opt your cookies into partitioned storage with a separate cookie jar per top-level site. This only requires adding the <code>partitioned</code> attribute to your existing cross-site cookies. They can then be used in an unrestricted fashion, but they can't be shared with other sites. Note that CHIPS is currently Chromium-only.</li>\n<li>You can start to explore the different features available in Google's Privacy Sandbox project to see if they fit your use case (these are currently Chromium-only). For example:\n<ul>\n<li><a href=\"/en-US/docs/Web/API/FedCM_API\">Federated Credential Management (FedCM) API</a>: Enables federated identity services allowing users to sign in to sites and services.</li>\n<li><a href=\"https://developer.chrome.com/docs/privacy-sandbox/private-state-tokens/\" class=\"external\" target=\"_blank\">Private State Tokens</a>: Enables anti-fraud and anti-spam by exchanging limited, non-identifying information across sites.</li>\n<li><a href=\"https://developer.chrome.com/docs/privacy-sandbox/topics/overview/\" class=\"external\" target=\"_blank\">Topics API</a>: Enables interest-based advertising and content personalization.</li>\n<li><a href=\"https://developer.chrome.com/docs/privacy-sandbox/protected-audience/\" class=\"external\" target=\"_blank\">Protected Audience API</a>: Enables remarketing and custom audiences.</li>\n<li><a href=\"https://developer.chrome.com/docs/privacy-sandbox/attribution-reporting/\" class=\"external\" target=\"_blank\">Attribution Reporting API</a>: Enables measurement of ad impressions and conversions.</li>\n</ul>\n</li>\n</ul>\n</li>\n</ol>"}},{"type":"prose","value":{"id":"summary","title":"Summary","isH3":false,"content":"<p>Getting rid of third-party cookies from the web has been a long time coming, and the story is not yet finished. However, Chrome's announcement is a big step towards making it happen. You can help — use the resources above to check whether your sites and apps could migrate away from using third-party cookies using the features available today. Spread the word on this to encourage others to do the same. And give browser vendors feedback on what's still missing.</p>\n<p>Note: The <code>developer.chrome.com</code> article <a href=\"https://developer.chrome.com/blog/cookie-countdown-2023oct/\" class=\"external\" target=\"_blank\">Preparing for the end of third-party cookies</a> has more information about testing from a Chrome point of view, and how to use privacy sandbox technologies to work around your issues.</p>"}}],"mdn_url":"/en-US/blog/goodbye-third-party-cookies/","native":"English (US)","locale":"en-US","noIndexing":false,"pageTitle":"Saying goodbye to third-party cookies in 2024 | MDN Blog","summary":"The tail end of 2023 welcomes positive news for web privacy, as Chrome announces it is to join Firefox and Safari in deprecating third-party cookies in 2024. Find out more details about these changes, and what they mean for web developers.","title":"Saying goodbye to third-party cookies in 2024","toc":[{"text":"The problem with cookies","id":"the_problem_with_cookies"},{"text":"How browsers have responded to this","id":"how_browsers_have_responded_to_this"},{"text":"How this affects web developers","id":"how_this_affects_web_developers"},{"text":"Summary","id":"summary"}]}}</script></body></html>

Pages: 1 2 3 4 5 6 7 8 9 10