Fix: Chrome Blocking Third-Party Cookies
Updated April 2026
Audit your cookies automatically.
Cookie Partitioning Auditor →
Chrome 118+ enforces cookie partitioning. Cookies set with SameSite=None without the Partitioned attribute are silently blocked when accessed in third-party context.
Which Chrome version changed this?
| Chrome version | Change |
|---|---|
| Chrome 80 (Feb 2020) | SameSite=None requires Secure |
| Chrome 118 (Oct 2023) | Partitioned attribute enforced for third-party cookies |
| Chrome 120+ (2024) | CHIPS fully enforced, third-party cookies blocked by default |
How to check if you're affected
# Open Chrome DevTools on the embedding page (not your page) # Application tab → Cookies → look for blocked cookies # Or check Console for: # "Cookie 'session' has been blocked because it is not partitioned"
Fix 1 — Add Partitioned attribute (recommended)
If your cookie genuinely needs to work in third-party context (embedded widgets, cross-site auth), add Partitioned:
Set-Cookie: session=abc; SameSite=None; Secure; Partitioned; Path=/
Fix 2 — Switch to first-party storage
If the embedding site is yours (you control both the parent and iframe domains), use first-party alternatives:
- postMessage — communicate between frames without cookies
- Storage Access API — request access to unpartitioned storage in iframe context
- Related Website Sets — group related domains to share cookies
Fix 3 — Remove SameSite=None if not needed
If the cookie doesn't need to work cross-site at all, change to SameSite=Lax (the browser default). This is the safest option and requires no Partitioned attribute:
Set-Cookie: session=abc; SameSite=Lax; Secure; HttpOnly; Path=/
Safari ITP and Firefox have been blocking unpartitioned third-party cookies longer than Chrome. If you're only seeing this in Chrome now, Safari users have been broken for years.
Audit your cookies → Cookie Partitioning Auditor