'SameSite' cookie attribute

Same-site cookies ("First-Party-Only" or "First-Party") allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.

Chrome

4 - 50: Not supported
51 - 79: Supported
80 - 110: Supported
111: Supported
112 - 114: Supported

Edge

12 - 15: Not supported
16 - 17: Supported
18 - 85: Supported
86 - 110: Supported
111: Supported

Safari

3.1 - 11.1: Not supported
12 - 13.1: Partial support
14 - 14.1: Partial support
15 - 16.2: Supported
16.3: Supported
16.4 - TP: Supported

Firefox

2 - 59: Not supported
60 - 110: Supported
111: Supported
112 - 113: Supported

Opera

9 - 38: Not supported
39 - 70: Supported
71 - 94: Supported
95: Supported

IE

5.5 - 10: Not supported
11: Partial support

Chrome for Android

111: Supported

Safari on iOS

3.2 - 11.4: Not supported
12 - 12.5: Partial support
13 - 16.2: Supported
16.3: Supported
16.4: Supported

Samsung Internet

4: Not supported
5 - 19.0: Supported
20: Supported

Opera Mini

all: Not supported

Opera Mobile

10 - 12.1: Not supported
73: Supported

UC Browser for Android

13.4: Not supported

Android Browser

2.1 - 4.4.4: Not supported
111: Supported

Firefox for Android

110: Supported

QQ Browser

13.1: Support unknown

Baidu Browser

13.18: Supported

KaiOS Browser

2.5: Not supported
3: Supported

This feature is backwards compatible. Browsers not supporting this feature will simply use the cookie as a regular cookie. There is no need to deliver different cookies to clients.

Resources:: MS Edge dev blog: "Previewing support for same-site cookies in Microsoft Edge"; Mozilla Bug #1286861, includes the patches that landed SameSite support in Firefox; Mozilla Bug #1551798: Prototype SameSite=Lax by default; Mozilla Bug #795346: Add SameSite support for cookies; Microsoft Edge Browser Status; Same-site cookies demonstration by Rowan Merewood; Preventing CSRF with the same-site cookie attribute