Apple paves the way for privacy on the web with full third-party cookie blocking

Reading time icon 1 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Apple

Full third-party cookie blocking is not new in web browsers. But Apple is the first major browser to adopt this policy. Google has already announced that Chrome will be blocking third-party cookies by 2022. With iPadOS 13.4 and Safari 13.1, cookies for cross-site resources are now blocked by default in Safari browser across the board. This is a significant improvement in terms of privacy. To support developers who need cross-site integration, Apple has included the Storage Access API in Safari. This new API will offer the means for authenticated embeds to get cookie access with mandatory user control.

Some other benefits of third party cookie blocking:

  • Disables cross-site request forgery attacks against websites through third-party requests. Note that you still need to protect against forged requests that come in through top frame navigations (see SameSite cookies for guidance).
  • Removes the ability to use an auxiliary third-party domain to identify users. Such a setup could otherwise persist IDs even when users delete website data for the first party.
  • Simplifies things for developers. Now it’s as easy as possible: If you need cookie access as third-party, use the Storage Access API.

Source: Apple Webkit

User forum

0 messages