Third-Party Cookies are cookies set on the website by a domain different from the one a user is currently visiting. They are used to embed videos, maps, chat widgets, and other content across a domain and its subdomains via an <iframe>.

privacy laws such as the GDPR require businesses to respect user privacy rights. Without cookie partitioning, Third-Party Cookies can enable service providers to track users and associate their information across unrelated top-level sites. If cookie consent was not given, this would violate privacy laws.

Google had plans to get rid of Third-Party Cookies at all, but in 2024 it dropped these plans.

Now Google is looking for alternative solutions of using third-party cookies. In 2019, Google launched the Privacy Sandbox to provide safer methods to increase user privacy. 

Cookies Having Independent Partitioned State (CHIPS) is the best-developed Google initiative to respect user privacy and comply with privacy laws. While other solutions of Privacy Sandbox are voluntary, this one is already implemented by default on Google’s web browser Chrome.

Read more about Cookies Having Independent Partitioned State.

What Are Cookies Having Independent Partitioned State (CHIPS)?

Cookies Having Independent Partitioned State (CHIPS), also known as partitioned cookies, is a privacy feature in Chrome that allows partitioning of Third-Party Cookies by the top-level site. A partitioned third-party cookie is tied to the top-level site where it’s initially set and cannot be accessed from elsewhere.

This means that a single third-party domain can no longer maintain one shared cookie across multiple unrelated websites. Instead, partitioned Third-Party Cookies are kept in independent storage buckets (partitions) per top-level site the user visits. CHIPS can only be read within the context of the top-level site they were set on, blocking cross-site user tracking.

This feature does not allow tracking users and associating their information across unrelated top-level sites.

This is Chrome’s newest cookie model, introduced on Chrome 114 and used by default on Chrome 115. The model isolates cookies by the top-level site and shows "Partition Key Site" in Dev Tools.

Scan your website for free and see what cookies, including Third-Party Cookies, your website uses:

What Is the Partition Key (Site)?

The Partition Key is a unique ID (an identifier) that indicates the top-level site under which a particular cookie is associated with. The Partition Key could also be labeled as the Partition Key Site in Dev Tools or in the cookie inspector. This ensures that the same third-party domain cannot track you across multiple top-level sites unless users provide explicit cookie consent.

You can access Chrome Dev Tools under Application > Storage > Cookies to see a Partition Key or a Partition Key Site. There are the following fields:

• Name / Value: Normal cookie key and value pair.
• Domain / Path / Expires: Standard cookie metadata.
• Partition Key: The site or origin used to partition the cookie. This field will typically point to the top-level domain for a third-party cookie.

How Does CHIPS Work?

When a user visits the first website, which embeds content from a third-party service provider, the third-party service provider sets a cookie on the user's device. If the user visits the second website, which also embeds content from the same third-party service provider, the service provider can access the cookie set when the user visits the previous page.

Third-Party Cookies historically have been stored with a host key— the key based on the host or domain name of the site that set them. This means that third-party service providers like Google or Meta could associate websites with the user and track users across different sites.

Browsers with CHIPS partition (silo) Third-Party Cookies and provide a new cookie attribute (Partitioned) to support cross-site cookies that are partitioned by top-level context.

1. Partitioning: When a service provider sets a third-party cookie on the first website, Chrome labels it internally with a Partition Key (the top-level site). If the same third-party cookie is set on the second website, it receives a different cookie Partition Key.
2. Cookie Attribute: There is a Partitioned attribute, and browsers that support CHIPS provide a Partitioned attribute for the Set-Cookie HTTP header. Browsers treat these cookies as isolated by the top-level site. For example:

Set-Cookie HTTP header example:

Set-Cookie: __Host-name=value; Secure; Path=/; SameSite=None; Partitioned;

Javascript example:

document.cookie="__Host-name=value; Secure; Path=/; SameSite=None; Partitioned;"

Note: Partitioned cookies must be set with the Secure attribute. In addition, you can use the __Host prefix when setting partitioned cookies to bind them only to the current domain or subdomain. This is recommended if you don't want to share cookies between subdomains.

A partitioned third-party cookie is tied to the top-level site where it was initially set and cannot be accessed from other sites. Thus, cookies set by a third-party service provider can only be read within the same embedded context of the top-level site where they were initially set.

Example use cases for CHIPS include any scenarios where a website uses embed <iframe> and wants to block cross-site tracking, including:

• Third-party chat embeds
• Third-party map embeds
• Third-party analytics embeds
• Third-party payment embeds
• Sub-resource CDN load balancing
• Headless CMS providers
• Sandbox domains for serving untrusted user content, etc.

Effect on Privacy and Other Benefits of CHIPS

Cookies Having Independent Partitioned State have the following benefits:

• Reduce cross-site tracking. Historically, third-party cookies could track users across different top-level sites, when embedded on these sites. Partition cookies are effectively partitioned, or siloed, by the top-level site, preventing easy cross-site user association.
• Granular privacy. Users gain finer-grained privacy controls because third parties can’t combine or share tracking data across multiple top-level sites.
• From a developer perspective, the same third-party script loaded on different sites can only read or write cookies within the partition for the current top-level site.

CookieScript Consent Management Platform offers a wide range of features to obtain website compliance, including:

•     Displaying a cookie consent banner on your website, that fits your website design.
•     Informing users about the types of cookies used and what their purposes are.
•     Giving users the possibility to accept or reject categories of cookies separately.
•     Auto-blocking third-party cookies until the user gives consent.
•     Recording and storing Cookie Consent.
•     Showing cookie table for full disclosure of cookies, etc.

Partition Cookies Browser Compatibility

The concept of Cookies Having Independent Partitioned State, or partition cookies, was developed by Google’s web browser Chrome. The feature could be activated starting from Chrome 114. This became more widely available starting with Chrome 115 and higher.

All the most popular browsers isolate, or partition, third-party cookies similarly to enhance privacy. While the technical details and naming differ among browsers, the general concept is the same: third-party embed cookies are siloed, keyed, or partitioned by the top-level site to prevent cross-site user tracking.

Here are the main browsers implementing this concept:

Mozilla Firefox

The analogous feature of Chrome’s partition cookies is called Total Cookie Protection (TCP).

In strict or Enhanced Tracking Protection, every third-party cookie is restricted to its own cookie jar per top-level site, which is essentially cookie partitioning, blocking cross-site user tracking.

The difference is that TCP partitions cookie storage and retrieval into separate cookie jars for each top-level site, without a mechanism to allow opt-in to third-party cookies if desired. As browsers start to phase out third-party cookie usage, there are still some valid non-tracking cases of third-party cookie usage that need to be permitted. Developers have to solve this challenge.

Mozilla Firefox version 131 or higher has Total Cookie Protection.

Safari (WebKit)

The analogous feature to Chrome’s partition cookies is implemented via Intelligent Tracking Prevention (ITP).

Safari uses an algorithmic approach to classify cookies and other trackers and to limit or entirely block third-party cookies automatically. The browser partitions cookies for third-party service providers or purges them after short durations, effectively reducing cross-site user tracking.

Safari’s approach is more aggressive, often including partitioning or outright blocking third-party cookies depending on ITP rules.

The feature is included in Safari 12 and iOS 11.

Chromium-based Browsers

Chromium-based Browsers such as Microsoft Edge, Opera, and Brave use the Chromium engine, so they gained the cookie-partitioning feature around the same time as Chrome. However, specifics such as default CHIPS activation or UI in Dev Tools may vary.

• Microsoft Edge follows Chrome’s major privacy and security features. As Edge updates to Chromium 115+ or higher, partitioned cookies become available by default. Edge 114 or higher uses CHIPS by default.
• Opera also adopts Chromium privacy and security features but may slightly lag with the implementation schedule. Opera 100 or higher versions implement CHIPS by default.
• Brave is also built on the Chromium engine but typically implements even stricter tracking protections by default. So, partitioned cookies are also the default feature.

Conclusion

In conclusion, Cookies Having Independent Partitioned State (CHIPS), or partitioned cookies, are a privacy-orientated feature preventing third-party scripts and <iframes> from using a single cookie store across multiple sites. Partition cookies are effectively partitioned, or siloed, by the top-level site, preventing cross-site user tracking. The third-party resources are not shared across different top-level domains.

Partitioned third-party cookies, set on different websites, have different cookie Partition Keys. CHIPS also has a new cookie attribute- a Partitioned attribute. A Partition Key can be accessed in Chrome Dev Tools under Application > Storage > Cookies (or similar).

The concept of CHIPS was developed by Google’s web browser Chrome and became more widely available starting with Chrome 115 and higher. All modern browsers partition third-party cookies similarly to enhance privacy. While the technical details and naming differ among browsers, the general concept is the same: third-party embed cookies are siloed, keyed, or partitioned by the top-level site to prevent cross-site user tracking.

Frequently Asked Questions

What Are Cookies Having Independent Partitioned State (CHIPS)?

Cookies Having Independent Partitioned State (CHIPS), also known as partitioned cookies, is a privacy feature in Chrome that allows partitioning of third-party cookies by the top-level site, which prevents user cross-site tracking. A partitioned third-party cookie is tied to the top-level site where it’s initially set and cannot be accessed from elsewhere. CHIPS was developed by Google’s web browser Chrome and became more widely available starting with Chrome 115 and higher. Use CookieScript Cookie Scanner to scan your website for cookies for free.

What is the Partition Key Site in Chrome browser cookie information?

The Partition Key, or the Partition Key Site, is a unique ID (an identifier) that indicates the top-level site under which a particular cookie is associated with. It is used to partition third-party cookies by the top-level site and ensures that the same third-party domain cannot track users across multiple top-level sites. Not sure if your website uses cookies? Use CookieScript Cookie Scanner to scan your website for cookies for free.

What does it mean when cookies are partitioned?

This is Chrome’s newest cookie model, used by default on Chrome 115. Traditionally, if a single third-party domain is embedded on multiple unrelated websites, users can be tracked across sites. When third-party cookies are partitioned, or siloed, by the top-level site, the third party can no longer maintain one shared cookie across multiple websites and track users. Instead, partitioned third-party cookies are kept in independent storage buckets (partitions) per top-level site the user visits. Use CookieScript Cookie Scanner to scan your website for cookies for free.

What is the difference between partitioned and unpartitioned cookies?

Without partitioning, third-party cookies can track users across multiple unrelated sites. Partitioned third-party cookies, set on different websites, are two cookies that are exactly the same (that is, they have the same attributes such as name, domain, or path) but are treated as separate cookies. They have different cookie Partition Keys, so the top-level site can’t track users across sites. Scan your website with CookieScript for free and see what cookies, including third-party cookies, your website uses.

Which browsers support partitioned cookies?

Partition cookies were developed by Google and could be activated starting from Chrome 114. This became available by default starting with Chrome 115 and higher. All modern browsers have the third-party cookies partitioning feature. Mozilla Firefox 131 or higher has Total Cookie Protection. Safari 12 and iOS 11 have Intelligent Tracking Prevention. Microsoft Edge 114, Opera 100, or higher versions, and all brave browsers partition third-party cookies by default. Scan your website with CookieScript for free and see what cookies your website uses.

How Does Cookies Having Independent Partitioned State (CHIPS) Work?

When a service provider sets the same third-party cookie on several websites, they receive a different cookie Partition Key. There is also a Partitioned attribute, and browsers that support CHIPS provide a Partitioned attribute for the Set-Cookie HTTP header. Browsers treat these cookies as isolated by the top-level site, so the cross-site tracking is blocked. Use CookieScript Cookie Scanner to scan your website for cookies.