{ "title":"'SameSite' cookie attribute", "description":"Same-site cookies (\"First-Party-Only\" or \"First-Party\") allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.", "spec":"https://tools.ietf.org/html/draft-west-first-party-cookies-06", "status":"other", "links":[ { "url":"http://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/", "title":"Preventing CSRF with the same-site cookie attribute" }, { "url":"https://bugzilla.mozilla.org/show_bug.cgi?id=795346", "title":"Mozilla Bug #795346: Add SameSite support for cookies" }, { "url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1286861", "title":"Mozilla Bug #1286861, includes the patches that landed SameSite support in Firefox" }, { "url":"https://wpdev.uservoice.com/forums/257854-microsoft-edge-developer/suggestions/17140412-support-samesite-cookie-option", "title":"Microsoft Edge feature request on UserVoice" }, { "url":"https://developer.microsoft.com/en-us/microsoft-edge/platform/status/samesitecookies/", "title":"Microsoft Edge Browser Status" }, { "url":"https://blogs.windows.com/msedgedev/2018/05/17/samesite-cookies-microsoft-edge-internet-explorer/", "title":"MS Edge dev blog: \"Previewing support for same-site cookies in Microsoft Edge\"" } ], "bugs":[ ], "categories":[ "Security" ], "stats":{ "ie":{ "5.5":"n", "6":"n", "7":"n", "8":"n", "9":"n", "10":"n", "11":"a #1 #2" }, "edge":{ "12":"n", "13":"n", "14":"n", "15":"n", "16":"y #1", "17":"y #1", "18":"y", "76":"y" }, "firefox":{ "2":"n", "3":"n", "3.5":"n", "3.6":"n", "4":"n", "5":"n", "6":"n", "7":"n", "8":"n", "9":"n", "10":"n", "11":"n", "12":"n", "13":"n", "14":"n", "15":"n", "16":"n", "17":"n", "18":"n", "19":"n", "20":"n", "21":"n", "22":"n", "23":"n", "24":"n", "25":"n", "26":"n", "27":"n", "28":"n", "29":"n", "30":"n", "31":"n", "32":"n", "33":"n", "34":"n", "35":"n", 
"36":"n", "37":"n", "38":"n", "39":"n", "40":"n", "41":"n", "42":"n", "43":"n", "44":"n", "45":"n", "46":"n", "47":"n", "48":"n", "49":"n", "50":"n", "51":"n", "52":"n", "53":"n", "54":"n", "55":"n", "56":"n", "57":"n", "58":"n", "59":"n", "60":"y", "61":"y", "62":"y", "63":"y", "64":"y", "65":"y", "66":"y", "67":"y", "68":"y", "69":"y", "70":"y", "71":"y" }, "chrome":{ "4":"n", "5":"n", "6":"n", "7":"n", "8":"n", "9":"n", "10":"n", "11":"n", "12":"n", "13":"n", "14":"n", "15":"n", "16":"n", "17":"n", "18":"n", "19":"n", "20":"n", "21":"n", "22":"n", "23":"n", "24":"n", "25":"n", "26":"n", "27":"n", "28":"n", "29":"n", "30":"n", "31":"n", "32":"n", "33":"n", "34":"n", "35":"n", "36":"n", "37":"n", "38":"n", "39":"n", "40":"n", "41":"n", "42":"n", "43":"n", "44":"n", "45":"n", "46":"n", "47":"n", "48":"n", "49":"n", "50":"n", "51":"y", "52":"y", "53":"y", "54":"y", "55":"y", "56":"y", "57":"y", "58":"y", "59":"y", "60":"y", "61":"y", "62":"y", "63":"y", "64":"y", "65":"y", "66":"y", "67":"y", "68":"y", "69":"y", "70":"y", "71":"y", "72":"y", "73":"y", "74":"y", "75":"y", "76":"y", "77":"y", "78":"y", "79":"y", "80":"y" }, "safari":{ "3.1":"n", "3.2":"n", "4":"n", "5":"n", "5.1":"n", "6":"n", "6.1":"n", "7":"n", "7.1":"n", "8":"n", "9":"n", "9.1":"n", "10":"n", "10.1":"n", "11":"n", "11.1":"n", "12":"y", "12.1":"y", "13":"y", "TP":"y" }, "opera":{ "9":"n", "9.5-9.6":"n", "10.0-10.1":"n", "10.5":"n", "10.6":"n", "11":"n", "11.1":"n", "11.5":"n", "11.6":"n", "12":"n", "12.1":"n", "15":"n", "16":"n", "17":"n", "18":"n", "19":"n", "20":"n", "21":"n", "22":"n", "23":"n", "24":"n", "25":"n", "26":"n", "27":"n", "28":"n", "29":"n", "30":"n", "31":"n", "32":"n", "33":"n", "34":"n", "35":"n", "36":"n", "37":"n", "38":"n", "39":"y", "40":"y", "41":"y", "42":"y", "43":"y", "44":"y", "45":"y", "46":"y", "47":"y", "48":"y", "49":"y", "50":"y", "51":"y", "52":"y", "53":"y", "54":"y", "55":"y", "56":"y", "57":"y", "58":"y", "60":"y", "62":"y" }, "ios_saf":{ "3.2":"n", 
"4.0-4.1":"n", "4.2-4.3":"n", "5.0-5.1":"n", "6.0-6.1":"n", "7.0-7.1":"n", "8":"n", "8.1-8.4":"n", "9.0-9.2":"n", "9.3":"n", "10.0-10.2":"n", "10.3":"n", "11.0-11.2":"n", "11.3-11.4":"n", "12.0-12.1":"y", "12.2-12.3":"y", "13":"y" }, "op_mini":{ "all":"n" }, "android":{ "2.1":"n", "2.2":"n", "2.3":"n", "3":"n", "4":"n", "4.1":"n", "4.2-4.3":"n", "4.4":"n", "4.4.3-4.4.4":"n", "76":"y" }, "bb":{ "7":"n", "10":"n" }, "op_mob":{ "10":"n", "11":"n", "11.1":"n", "11.5":"n", "12":"n", "12.1":"n", "46":"y" }, "and_chr":{ "76":"y" }, "and_ff":{ "68":"y" }, "ie_mob":{ "10":"n", "11":"n" }, "and_uc":{ "12.12":"n" }, "samsung":{ "4":"n", "5.0-5.4":"y", "6.2-6.4":"y", "7.2-7.4":"y", "8.2":"y", "9.2":"y" }, "and_qq":{ "1.2":"n" }, "baidu":{ "7.12":"y" }, "kaios":{ "2.5":"n" } }, "notes":"This feature is backwards compatible. Browsers not supporting this feature will simply use the cookie as a regular cookie, so in those browsers the cookie is still sent with cross-site requests and the attribute provides no CSRF protection. There is no need to deliver different cookies to clients.", "notes_by_num":{ "1":"Not shipped with the initial release but added later with the June 2018 security update (Patch Tuesday) for Windows 10 RS3 (2017 Fall Creators Update) and newer. [More info](https://github.com/MicrosoftEdge/Status/issues/616).", "2":"Partial support: supported only in IE 11 on Windows 10 RS3 (2017 Fall Creators Update) and newer, not in IE 11 on other Windows versions (Windows 7, ...)" }, "usage_perc_y":86.58, "usage_perc_a":1.74, "ucprefix":false, "parent":"", "keywords":"security,cookies,cookie,csrf", "ie_id":"", "chrome_id":"4672634709082112", "firefox_id":"", "webkit_id":"", "shown":true }