1. 'SameSite' cookie attribute

    Same-site cookies ("First-Party-Only" or "First-Party") allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.

2. SharedWorker API: `SharedWorker()` constructor: `options.sameSiteCookies` parameter

3. Headers HTTP header: Set-Cookie: SameSite: `SameSite=Lax`

4. Headers HTTP header: Set-Cookie: SameSite: defaults to `Lax`

5. Headers HTTP header: Set-Cookie: SameSite: `SameSite=None`

6. Headers HTTP header: Set-Cookie: SameSite: `Secure` attribute required if `SameSite=None`

7. Headers HTTP header: Set-Cookie: SameSite: URL scheme-aware ("schemeful")

8. Headers HTTP header: Set-Cookie: SameSite: `SameSite=Strict`