the Chromium logo

The Chromium Projects

Third-Party Cookie Deprecation Testing and Debugging

In Chrome settings, go to Privacy and Security -> Cookies and other site data or chrome://settings/cookies. Under General Settings ensure that Block third-party cookies is enabled.

image

Testing your site

Go to the actual site you want to test and thoroughly test site functionality, with a focus on anything involving federated login flows, online payments, 3-D Secure verification, multiple domains, or cross-site embedded content (iframes, images, videos, etc.) to see if it’s working properly. If not, use the following tools to find out the cookies that may be affected.

Debugging

Use Chrome DevTools

  1. Make sure third-party cookie blocking is enabled in chrome://settings/cookies.
  2. Open DevTools.
  3. Reload the webpage to capture all the network requests made by the site.
  4. Analyze the requests:
    1. Click the "3rd-party request” checkbox to narrow down the requests that need third-party cookies.
    2. Click through the request to look for the cookies that have "SameSite=None; Secure;" from the blocked cookies in the “Cookies” tab. These are third-party cookies.
    3. Remember to check the “show filtered out cookies” checkbox, the ones highlighted in yellow are the filtered out cookies.
    4. Look for the cookies that have an info icon in the “Name” column. Hover the mouse over the icon, if the tooltip says "This cookie is blocked due to user preferences", that means this cookie was affected by third-party cookie blocking. (Make sure this cookie is not blocked due to site specific user settings, which would show the same reason.)
  5. Identify third-party cookie users: see which domains are setting or receiving the cookies by looking into the “Headers” tab.

The following examples show blocked third-party cookies in the DevTools.

Third-party cookie blocked for a request:

Third-party cookie blocked for a request

Third-party cookie blocked for a response:

Third-party cookie blocked for a response

Unfortunately, Chrome can only tell you when there are cookies that will behave differently under the third-party cookie blocking behavior, but it can’t tell you which cookies might be responsible for site breakage.

Use NetLog

The NetLog only covers cookies accessed over the network via HTTP(S) and does not include other methods of cookie access such as document.cookie (JavaScript) or chrome.cookies (extensions).

The instructions to use NetLog to debug cookie issues caused by SameSite attribute is applicable to third-party cookie deprecation, with some tweeks needed: make sure to look for cookies marked with “EXCLUDE_USER_PREFERENCES”.