Notification

Planning your return to office strategy? See how ChromeOS can help.

Allow or restrict third-party cookies

For administrators who manage Chrome browser or ChromeOS devices for a business or school.

As per previously announced plans, Chrome is restricting third-party cookies by default for 1% of Chrome users to facilitate testing, and then plans to ramp up to 100% of users in H2 2024. The ramp up to 100% of users is subject to addressing any remaining competition concerns of the UK's Competition and Markets Authority (CMA).

Chrome recently introduced Tracking Protection, a new feature that limits cross-site tracking by restricting website access to third-party cookies by default. Tracking Protection is a key part of the Privacy Sandbox initiative, which focuses on reducing cross-site tracking while still enabling the functionality that keeps online content and services freely accessible by everyone.

Chrome Enterprise users

Most Enterprise users should be excluded from the 1% experiment group automatically; however, we recommend that admins proactively use the BlockThirdPartyCookies and CookiesAllowedForUrls policies. More detail below on how to toggle these settings. This will give enterprises and their software providers time to make the changes required to adapt to third-party cookie restrictions in Chrome.

Enterprise-managed Chrome always has unique requirements compared to general web usage and we will be ensuring that Enterprise administrators have appropriate controls over third-party cookies in their browsers.

Users not covered by Enterprise policies

End users who are not covered by either of the Enterprise policies above can also use the "eye" icon in the address bar to temporarily re-enable third-party cookies for 90 days on a given site when necessary. Users may also re-enable cookies for specific sites by following these instructions.

Test and report breakage

You can proactively test your site or service to find breakage. Report breakage as a result of third-party cookie deprecation. If the breakage is found in the software of a third-party provider, you are encouraged to share third-party cookie deprecation resources with them. Third-party service providers are able to enroll in a deprecation trial to allow their third-party cookies to work on sites while they migrate to more durable long-term solutions.

Set the policies

There are two main Chrome policies for users or browsers to allow or restrict third-party cookies broadly or for specific sites:

  • BlockThirdPartyCookiesThird-party cookie blocking
  • CookiesAllowedForUrlsCookiesand thenAllow cookies for URL patterns

Allow or restrict all third-party cookies

Use the BlockThirdPartyCookies policy to allow or restrict all third-party cookies. The policy can be set to one of the following values:

  • true—Block third-party cookies
  • false—Allow third-party cookies
  • not set—Follow the Chrome default, but allow the user to change this setting

Allow third-party cookies from specific URLs

The CookiesAllowedForURLs policy allows Enterprise admins to specify which URLs they want to grant third-party cookie access for. This is a more targeted approach and can be done after setting the BlockThirdPartyCookies policy to true to restrict all third-party cookies.

For example, if you want to allow the service thirdparty.example and its subdomains to be able to access third-party cookies wherever it’s embedded, add [*.]thirdparty.example to the CookiesAllowedForUrls policy.

Allow third-party cookies on specific sites

First, set the BlockThirdPartyCookies policy to true to restrict all third-party cookies. Then, set specific top-level sites to allow third-party cookies by adding each of them with a comma-separated third-party/top-level site pair to the CookiesAllowedForUrls policy. You can also allow all third-party cookies on a particular site by using a wildcard, *, in place of a third-party URL.

For example, to let any third-party service set cookies on toplevel.example, add *,https://toplevel.example to the CookiesAllowedForUrls policy.

To only allow thirdparty.example to set third-party cookies on toplevel.example, add https://thirdparty.example,https://toplevel.example to the CookiesAllowedForUrls policy.

Prepare your own sites and services

If you own a site or service, it’s important to ensure that it is ready for third-party cookie deprecation.

Review Chrome’s guidance on how to prepare for third-party cookie restrictions. You can also request additional migration time with the third-party cookie deprecation trial.

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
11052351197814484354