NovaBlockNovaBlock
All terms

SameSite Cookies

A cookie attribute that controls whether the cookie is sent on cross-site requests.

Updated 10 February 2026

The SameSite attribute has three values: Strict (never sent cross-site), Lax (sent on top-level navigation, the modern default) and None (always sent, which now requires Secure). It was designed to blunt CSRF and reduce third-party cookie exposure.

SameSite=Lax as the browser default broke a lot of legacy cross-site auth flows and shifted the ad-tech industry toward server-side tagging and first-party contexts.

Related terms