๐Ÿช Cookie Partitioning Auditor

Your cookies are being silently blocked.
Find out which ones and fix them.

Chrome, Safari, and Firefox now block unpartitioned cross-site cookies. Paste your URL โ€” Cookie Partitioning Auditor fetches your live Set-Cookie headers and generates the CHIPS-compliant fix for each one.

๐Ÿšซ Browser enforcement is active
Chrome 118+ Blocks SameSite=None cookies without Partitioned in third-party context
Safari ITP Has blocked unpartitioned third-party cookies since 2017 โ€” Intelligent Tracking Prevention
Firefox Total Cookie Protection partitions all third-party cookies by default since Firefox 86
URL to audit
Fetches Set-Cookie headers from your URL's direct response. Works with login endpoints and API routes that set cookies directly โ€” not redirect-based cookie setters.
โ–ถ Try: SameSite=None example (Critical)
Fetching headers...
Fix output for stack
What CHIPS compliance means
What is CHIPS?
Cookies Having Independent Partitioned State. A browser standard that allows cross-site cookies to exist but scopes them to the top-level site. A cookie set by widget.com on site-a.com is separate from the same cookie set on site-b.com.
Which cookies are affected?
Only cookies accessed in a third-party context โ€” when your domain is embedded in an iframe, loaded as a resource, or called via fetch from another site. First-party cookies (same site) are not affected.
The fix
Add the Partitioned attribute to any SameSite=None; Secure cookie that needs to work in third-party context. Without it, Chrome 118+ silently drops the cookie. The user sees no error.
Why it's hard to detect
The cookie is set successfully in first-party context. The failure only happens when your site is embedded elsewhere. No console error on your own domain โ€” only on the embedding site. This tool surfaces the risk before it bites.
Common questions
Do I need to add Partitioned to all my cookies?
No โ€” only cookies that need to work in a third-party context. If your site is never embedded in iframes and never called cross-site, your existing cookies work fine. Add Partitioned only to cookies set by embeds, widgets, or APIs called from other origins.
What's the difference between SameSite=None and Partitioned?
SameSite=None allows the cookie to be sent in cross-site requests. Partitioned scopes the cookie storage to the top-level site โ€” so the cookie from site-a.com and site-b.com are stored separately. Without Partitioned, SameSite=None cookies are blocked in Chrome 118+ in third-party context.
Does adding Partitioned break anything?
It changes the cookie scope โ€” if you rely on a single shared cookie value across multiple embedding sites (cross-site tracking), Partitioned breaks that by design. For legitimate use cases (session state in an embedded widget), it works correctly.
Why does this tool only audit response cookies, not third-party context?
This tool fetches your URL directly and reads the Set-Cookie headers. It can flag cookies with SameSite=None missing Partitioned โ€” the pattern that causes failures. To test actual third-party cookie blocking, embed your URL in an iframe on a different domain and check the Application tab in DevTools.
You might also need
๐Ÿ”’ HeadersFixerAudit all security headers including SameSite enforcement ๐Ÿ”€ CORSFixerFix CORS errors that often accompany cross-site cookie issues ๐Ÿ“‹ Pre-Launch Checklist20 HTTP checks before you ship

Done with this tool?

20 HTTP checks before you ship โ€” security, CORS, cache, redirects, staging.

Pre-Launch Checklist โ†’
๐Ÿ“– CHIPS: The Complete Guide to Partitioned Cookies โ†’