SameSite Cookies
A cookie attribute that controls whether the cookie is sent on cross-site requests.
The SameSite attribute has three values: Strict (never sent cross-site), Lax (sent on top-level navigation, the modern default) and None (always sent, which now requires Secure). It was designed to blunt CSRF and reduce third-party cookie exposure.
SameSite=Lax as the browser default broke a lot of legacy cross-site auth flows and shifted the ad-tech industry toward server-side tagging and first-party contexts.
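The three values described above, modelled as an added JavaScript example (not code from this page or from any browser). The function names and the request shape are hypothetical, whether a request is cross-site is passed in as a flag rather than computed, and Lax is modelled as applying only to safe HTTP methods such as GET.

```javascript
// Added example: a simplified model, not browser source code.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);
// Extract the name plus the Secure and SameSite attributes from a Set-Cookie value.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim().toLowerCase());
    if (key === 'secure') cookie.secure = true;
    if (key === 'samesite') cookie.sameSite = value;
  }
  return cookie;
}

// A missing or unrecognised SameSite value falls back to the Lax default.
function effectiveSameSite(cookie) {
  return ['strict', 'lax', 'none'].includes(cookie.sameSite) ? cookie.sameSite : 'lax';
}

// SameSite=None without Secure is rejected when the cookie is set.
function isAccepted(cookie) {
  return effectiveSameSite(cookie) !== 'none' || cookie.secure;
}

// request = { crossSite, topLevelNavigation, method } (hypothetical shape).
function isSent(cookie, request) {
  if (!isAccepted(cookie)) return false;
  if (!request.crossSite) return true;
  const mode = effectiveSameSite(cookie);
  if (mode === 'strict') return false;
  if (mode === 'none') return true;
  // Lax: only top-level navigations using a safe method carry the cookie.
  return request.topLevelNavigation && SAFE_METHODS.has(request.method.toUpperCase());
}

// Constructed sample requests, all arriving from another site.
const REQUESTS = {
  linkClick: { crossSite: true, topLevelNavigation: true, method: 'GET' },
  formPost: { crossSite: true, topLevelNavigation: true, method: 'POST' },
  embeddedImage: { crossSite: true, topLevelNavigation: false, method: 'GET' },
};

// Report which of the sample requests would carry the cookie.
function sentOn(setCookieHeader) {
  const cookie = parseSetCookie(setCookieHeader);
  return Object.keys(REQUESTS).filter((name) => isSent(cookie, REQUESTS[name]));
}
console.log(sentOn('sid=abc; Secure; HttpOnly; SameSite=Lax'));
```

The cross-site form POST is the request shape CSRF relies on, and it carries the cookie only when the cookie is set with SameSite=None and Secure.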
Related terms
A small piece of data a website stores in your browser to remember state between requests.
Tricking a logged-in user's browser into sending an unwanted authenticated request to another site.
A cookie set by a domain other than the one in the address bar, used to track users across sites.
