SameSite cookie attribute

How to set the SameSite cookie attribute?

Written by Nelson. Last update 1 month ago

The SameSite cookie attribute tells browsers how first-party and third-party cookies should be handled. Browsers either allow or block such cookies depending on the attribute value and the scenario.

Read more about SameSite cookies at the developer guide.

You can choose how the SameSite attribute of the CookieScript cookie is set.

Go to your CookieScript user account > Settings > Cookie behavior, where you will find the SAME_SITE FOR CONSENT COOKIE tab. From the dropdown list, select the value of the SameSite cookie attribute.

The possible attribute values are:

  • Lax

  • Strict

  • None

  • Default.

The Lax attribute means that the cookie is sent when a user is navigating to the origin site from an external site (for example, when following a link). The cookie is not sent on cross-site requests, such as requests to load images or frames. This is the default behavior if the SameSite attribute is not specified.

The Strict attribute means that the browser sends the cookie only for same-site requests, that is, requests originating from the same site that set the cookie. If a request originates from a different domain (or a different scheme within the same domain), no cookies with the Strict attribute will be sent.

The None attribute means that the browser sends the cookie for both cross-site and same-site requests. When setting this attribute value, the Secure attribute must also be set:

SameSite=None; Secure

If Secure is missing, you will get an error.

Note: A Secure cookie is only sent to the server with an encrypted request over the HTTPS protocol. Insecure sites (starting with http:) can't set cookies with the Secure attribute, and therefore can't use the None attribute.

If you are not sure what to set, leave the Default value of the attribute.
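The Lax, Strict and None rules described above, modeled as an added example (this is not CookieScript's code). The cookie name `consent`, the function names and the `sameSite` / `navigation` context fields are assumptions made for illustration, and Lax is modeled only for the link and image/frame cases this article names.

```javascript
// Parse a Set-Cookie header value into its name, value and attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs.filter(Boolean)) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Effective mode: a missing (or unrecognised) SameSite value is treated as Lax.
function sameSiteMode(cookie) {
  const v = String(cookie.attrs.samesite || 'lax').toLowerCase();
  return ['lax', 'strict', 'none'].includes(v) ? v : 'lax';
}

// Storage check: SameSite=None needs Secure, and only https: pages can set Secure.
function isAccepted(cookie, pageScheme) {
  const secure = cookie.attrs.secure === true;
  if (sameSiteMode(cookie) === 'none' && !secure) return false;
  return !(secure && pageScheme !== 'https');
}

// Send check. ctx.sameSite: request comes from the site that set the cookie;
// ctx.navigation: the user followed a link (as opposed to an image or frame load).
function isSent(cookie, ctx) {
  if (ctx.sameSite) return true;
  const mode = sameSiteMode(cookie);
  if (mode === 'none') return true;
  return mode === 'lax' && ctx.navigation === true;
}

// Constructed sample headers (the cookie name and value are made up).
const samples = [
  'consent=yes; SameSite=Lax',
  'consent=yes; SameSite=Strict',
  'consent=yes; SameSite=None; Secure',
  'consent=yes; SameSite=None',
  'consent=yes',
];
for (const h of samples) {
  const c = parseSetCookie(h);
  console.log(h.padEnd(36), {
    accepted: isAccepted(c, 'https'),
    linkFromOtherSite: isSent(c, { sameSite: false, navigation: true }),
    imageOnOtherSite: isSent(c, { sameSite: false, navigation: false }),
  });
}
```

Run it with Node.js to print, for each sample header, whether the cookie is accepted and in which cross-site cases it is sent.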
