canisoon

'SameSite' cookie attribute

92.85

Security

Same-site cookies ("First-Party-Only" or "First-Party") allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.

Further reading:

  1. Can I use page for: 'SameSite' cookie attribute
  2. Preventing CSRF with the same-site cookie attribute
  3. Mozilla Bug #795346: Add SameSite support for cookies
  4. Mozilla Bug #1286861, includes the patches that landed SameSite support in Firefox
  5. Microsoft Edge feature request on UserVoice
  6. Microsoft Edge Browser Status
  7. MS Edge dev blog: "Previewing support for same-site cookies in Microsoft Edge"
  8. Mozilla Bug #1551798: Prototype SameSite=Lax by default
  9. Same-site cookies demonstration by Rowan Merewood