'SameSite' cookie attribute

- OTHER

Same-site cookies ("First-Party-Only" or "First-Party") allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.

IE

  1. 5.5 - 10: Not supported
  2. 11: Partial support

Edge

  1. 12 - 15: Not supported
  2. 16 - 17: Supported
  3. 18 - 84: Supported
  4. 85: Supported

Firefox

  1. 2 - 59: Not supported
  2. 60 - 79: Supported
  3. 80: Supported
  4. 81 - 82: Supported

Chrome

  1. 4 - 50: Not supported
  2. 51 - 79: Supported
  3. 80 - 84: Supported
  4. 85: Supported
  5. 86 - 88: Supported

Safari

  1. 3.1 - 11.1: Not supported
  2. 12 - 13.1: Partial support
  3. 14: Partial support
  4. TP: Supported

Opera

  1. 9 - 38: Not supported
  2. 39 - 69: Supported
  3. 70: Supported

iOS Safari

  1. 3.2 - 11.4: Not supported
  2. 12 - 12.4: Partial support
  3. 13 - 13.7: Supported
  4. 14.0: Supported

Opera Mini

  1. all: Not supported

Android Browser

  1. 2.1 - 4.4.4: Not supported
  2. 81: Supported

Blackberry Browser

  1. 7: Not supported
  2. 10: Not supported

Opera Mobile

  1. 10 - 12.1: Not supported
  2. 46: Supported

Chrome for Android

  1. 85: Supported

Firefox for Android

  1. 79: Supported

IE Mobile

  1. 10: Not supported
  2. 11: Not supported

UC Browser for Android

  1. 12.12: Not supported

Samsung Internet

  1. 4: Not supported
  2. 5 - 11.2: Supported
  3. 12.0: Supported

QQ Browser

  1. 10.4: Support unknown

Baidu Browser

  1. 7.12: Supported

KaiOS Browser

  1. 2.5: Not supported

This feature is backwards compatible. Browsers not supporting this feature will simply use the cookie as a regular cookie. There is no need to deliver different cookies to clients.

Resources:
Preventing CSRF with the same-site cookie attribute
MS Edge dev blog: "Previewing support for same-site cookies in Microsoft Edge"
Mozilla Bug #1286861, includes the patches that landed SameSite support in Firefox
Mozilla Bug #1551798: Prototype SameSite=Lax by default
Mozilla Bug #795346: Add SameSite support for cookies
Microsoft Edge Browser Status
Same-site cookies demonstration by Rowan Merewood
Microsoft Edge feature request on UserVoice