'SameSite' cookie attribute

- OTHER

Same-site cookies ("First-Party-Only" or "First-Party") allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.

IE

  1. 5.5 - 10: Not supported
  2. 11: Partial support

Edge

  1. 12 - 15: Not supported
  2. 16 - 17: Supported
  3. 18 - 79: Supported
  4. 80: Supported

Firefox

  1. 2 - 59: Not supported
  2. 60 - 72: Supported
  3. 73: Supported
  4. 74 - 75: Supported

Chrome

  1. 4 - 50: Not supported
  2. 51 - 79: Supported
  3. 80: Supported
  4. 81 - 83: Supported

Safari

  1. 3.1 - 11.1: Not supported
  2. 12 - 12.1: Partial support
  3. 13: Partial support
  4. TP: Partial support

Opera

  1. 9 - 38: Not supported
  2. 39 - 65: Supported
  3. 66: Supported

iOS Safari

  1. 3.2 - 11.4: Not supported
  2. 12 - 12.4: Partial support
  3. 13: Supported
  4. 13.2: Supported
  5. 13.3: Supported

Opera Mini

  1. all: Not supported

Android Browser

  1. 2.1 - 4.4.4: Not supported
  2. 80: Supported

Blackberry Browser

  1. 7: Not supported
  2. 10: Not supported

Opera Mobile

  1. 10 - 12.1: Not supported
  2. 46: Supported

Chrome for Android

  1. 80: Supported

Firefox for Android

  1. 68: Supported

IE Mobile

  1. 10: Not supported
  2. 11: Not supported

UC Browser for Android

  1. 12.12: Not supported

Samsung Internet

  1. 4: Not supported
  2. 5 - 9.2: Supported
  3. 10.1: Supported

QQ Browser

  1. 1.2: Not supported

Baidu Browser

  1. 7.12: Supported

KaiOS Browser

  1. 2.5: Not supported

This feature is backwards compatible. Browsers not supporting this feature will simply use the cookie as a regular cookie. There is no need to deliver different cookies to clients.

Resources:
Preventing CSRF with the same-site cookie attribute
MS Edge dev blog: "Previewing support for same-site cookies in Microsoft Edge"
Mozilla Bug #1286861, includes the patches that landed SameSite support in Firefox
Mozilla Bug #1551798: Prototype SameSite=Lax by default
Mozilla Bug #795346: Add SameSite support for cookies
Microsoft Edge Browser Status
Same-site cookies demonstration by Rowan Merewood
Microsoft Edge feature request on UserVoice