You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
By requiring the __Host- prefix, this proposal makes partitioned cookies scheme- and hostname-bound.
However, even cookies with the __Host- prefix can still be sent to different ports (though this may change if [Origin-Bound Cookies](https://github.com/sbingler/Origin-Bound-Cookies) is enabled).
Like all other cookies, partitioned cookies can be shared across different subdomains using the Domain attribute.
Partitioned cookies require Secure, so they are not accessible in insecure origins.
In an effort to bring cookies closer to using origin as the security boundary, we previously proposed that partitioned cookies be required to be scheme- and hostname-bound, unlike other cookies.
However, we received feedback from site authors that this would make it too cumbersome to migrate legacy systems to the more privacy-forward partitioned cookies.
In order to alleviate this concern, we have since removed that requirement.
