Understanding CHIPS- Cookies Having Independent Partitioned State and Partitioned ThirdParty Cookies
Вставка
- Опубліковано 7 вер 2024
- Join this channel to get access to perks:
/ @tech-forum
#browser #privacy #google #web #api #ad #adtech #dsp #ssp #3pc #conversion #cookies #sso #remarketing #marketing #chrome
developers.goo...
chrome://flags/#privacy-sandbox-ads-apis.
chrome://flags/#test-third-party-cookie-phaseout
The CHIPS allows developers to opt a cookie into partitioned storage, with separate cookie jars per top-level site, improving user privacy and security.
Without partitioning, third-party cookies can enable services to track users and join their information from across many unrelated top-level sites. This is known as cross-site tracking.
Browsers are well under way in phasing out unpartitioned third-party cookies, CHIPS allows to enable partioned thrird party cokkies that is accessible only to the top level context.
Without cookie partitioning, a third-party service can set a cookie when embedded in one top-level site and access that same cookie when the service is embedded in other top-level sites.
CHIPS introduces a new cookie attribute, Partitioned, to support cross-site cookies that are partitioned by top-level context.
A partitioned third-party cookie is tied to the top-level site where it's initially set and cannot be accessed from elsewhere. This way cookies set by a third-party service can only be read within the same embedded context of the top-level site where they were initially set.
With cookie partitioning, a third-party service that sets a cookie when embedded in one top-level site cannot access that same cookie when the service is embedded in other top-level sites.
With partitioned cookies, when a user visits site A and embedded content from site C sets a cookie with the Partitioned attribute, the cookie is saved in a partitioned jar designated only for cookies that the site C sets when it's embedded on site A. The browser will only send that cookie when the top-level site is A.
When the user visits a new site, for example site B, an embedded C frame will not receive the cookie that was set when C was embedded in site A.
If a user visits site C as a top level website, the partitioned cookie that C set when it was embedded in A will not be sent in that request either.
Partitioned cookies must be set with Secure.
It is recommended to use the __Host prefix when setting partitioned cookies to make them bound to the hostname (and not the registrable domain).
SameSite=None should be specified in Chrome as SameSite=Lax is default
CHIPS supports bascic thrird party cookie scenarios, through partitioned cookies means the cookie is only availble to the top domain from which the cookie was set. e.g - Third-party chat embeds, CDNs that use cookies to serve content,Third-party payment embeds, Third-party map embeds, Front-end frameworks that rely on remote APIs using cookies on their requests
The Storage Access API and the associated Related Website Sets (RWS) are web platform mechanisms to enable limited cross-site cookie access for specific, user-facing purposes.
These are alternatives to CHIPS partitioning where access to cross-site, unpartitioned cookes is required.
