'SameSite' cookie attribute

- OTHER

Same-site cookies ("First-Party-Only" or "First-Party") allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.

Chrome

  1. 4 - 50: Not supported
  2. 51 - 79: Supported
  3. 80 - 107: Supported
  4. 108: Supported
  5. 109 - 111: Supported

Edge

  1. 12 - 15: Not supported
  2. 16 - 17: Supported
  3. 18 - 85: Supported
  4. 86 - 106: Supported
  5. 107: Supported

Safari

  1. 3.1 - 11.1: Not supported
  2. 12 - 13.1: Partial support
  3. 14 - 14.1: Partial support
  4. 15 - 16.0: Supported
  5. 16.1: Supported
  6. 16.2 - TP: Supported

Firefox

  1. 2 - 59: Not supported
  2. 60 - 106: Supported
  3. 107: Supported
  4. 108 - 109: Supported

Opera

  1. 9 - 38: Not supported
  2. 39 - 70: Supported
  3. 71 - 91: Supported
  4. 92: Supported

IE

  1. 5.5 - 10: Not supported
  2. 11: Partial support

Chrome for Android

  1. 107: Supported

Safari on iOS

  1. 3.2 - 11.4: Not supported
  2. 12 - 12.5: Partial support
  3. 13 - 16.0: Supported
  4. 16.1: Supported

Samsung Internet

  1. 4: Not supported
  2. 5 - 18.0: Supported
  3. 19.0: Supported

Opera Mini

  1. all: Not supported

Opera Mobile

  1. 10 - 12.1: Not supported
  2. 72: Supported

UC Browser for Android

  1. 13.4: Not supported

Android Browser

  1. 2.1 - 4.4.4: Not supported
  2. 107: Supported

Firefox for Android

  1. 106: Supported

QQ Browser

  1. 13.1: Support unknown

Baidu Browser

  1. 13.18: Supported

KaiOS Browser

  1. 2.5: Not supported

This feature is backwards compatible. Browsers not supporting this feature will simply use the cookie as a regular cookie. There is no need to deliver different cookies to clients.

Resources:
MS Edge dev blog: "Previewing support for same-site cookies in Microsoft Edge"
Mozilla Bug #1286861, includes the patches that landed SameSite support in Firefox
Mozilla Bug #1551798: Prototype SameSite=Lax by default
Mozilla Bug #795346: Add SameSite support for cookies
Microsoft Edge Browser Status
Same-site cookies demonstration by Rowan Merewood
Preventing CSRF with the same-site cookie attribute