Test your site to see how it performs without third-party cookies. That will help you begin the process of transitioning to alternative solutions.
Chrome flags for testing
The best way to test your site for breakage without third-party cookies in Chrome is to use the test-third-party-cookie-phaseout
flag. This flag makes Chrome behave as it does when third-party cookies are restricted, so it's ideal for testing the user experience without
cross-site cookies. There are two ways to set the flag:
- Enable
chrome://flags/#test-third-party-cookie-phaseout
- Run Chrome from the command line with the flag
--test-third-party-cookie-phaseout
This flag sets Chrome to block third-party cookies, and ensures that new features and temporary mitigations are active.
You can test your site by browsing with third-party cookies blocked using chrome://settings/cookies
, but the phaseout flag ensures that the new and updated features are also enabled. Blocking third-party cookies is a good approach to detecting issues, but doesn't necessarily help you validate you have fixed them.
If you maintain an active test suite for your sites, then you should do two side-by-side runs: one with Chrome on the usual settings, and one with the same version of Chrome launched with the --test-third-party-cookie-phaseout
flag. Any test failures in the second run and not in the first are good candidates to investigate for third-party cookie dependencies.
Test specific third-party cookie scenarios
In addition to --test-third-party-cookie-phaseout
, there are flags available
for specific testing scenarios:
- All the following flags are supported on Windows, Mac, Linux, ChromeOS, and Android.
- These flags can be set from the chrome://flags page or from the command line.
- To set flags for multiple features from the command line with
--enable-features
or--disable-features
, add a comma between each feature name. - You can work out the value to use for a command-line flag by setting the
flag from
chrome://flags
, and then viewing Command Line values on thechrome://version
page.
Test with temporary mitigations blocked
When testing your site with the phaseout flag, temporary mitigations and Chrome's third-party cookie grace period may mean that third-party cookies are not restricted by your site or the third-party services it accesses.
The following table shows how to use Chrome flags for testing, and explains their effect when disabled or enabled.
Name | Purpose | Min version | chrome://flags | Command-line flag |
---|---|---|---|---|
Tracking Protection for 3PCD | Enabled: turn on Tracking
Protection: • Show the eye icon UI in the address bar (Omnibox) to allow the user to temporarily enable third-party cookies for a site. • Provide chrome://settings/trackingProtection
instead of chrome://settings/cookies |
121 | #tracking-protection-3pcd |
--enable-features=TrackingProtection3pcd
--disable-features=TrackingProtection3pcd |
Test Third Party Cookie Restrictions | Disabled: this is the default. (No effect.) Enabled: Restrict third-party cookies and enable the Tracking Protection UI. This setting overrides the BlockThirdPartyCookies=false
Chrome Enterprise policy, but is overridden by content settings, such
as those granted by the Storage Access API or the
CookiesAllowedForUrls
policy. Flags and settings describes how user settings interact with this flag. |
121 | #test-third-party-cookie-phaseout |
--test-third-party-cookie-phaseout |
Third-party Cookie Facilitated Testing | Enabled: this is the default. Allow a Chrome-facilitated
testing group experiment arm to be set for this Chrome
client. Disabled: don't allow an experiment arm to be set by Chrome. Other values: manually set a specific experiment arm. Most developers will need to use one of the Enabled
Force settings. These bypass eligibility checks and
predictably place the Chrome client into the selected group arm. The
Enabled settings allow the client to be included in an
experiment arm, but don't force inclusion. |
121 | #tpc-phase-out-facilitated-testing |
--enable-features=CookieDeprecationFacilitatedTesting
--disable-features=CookieDeprecationFacilitatedTesting
For other values, command-line values depend on the setting. For example, to set Enabled Force Control 1 :
--enable-features=CookieDeprecationFacilitatedTesting:force_eligible/true/disable_3p_cookies/false/disable_ads_apis/false/label/fake_control_1%2E1/version/9994 If you need to set these values from the command line, it's probably easiest to set the value from chrome://flags , restart
the browser, then copy the flag value from the Command Line section of the chrome://version page.
|
Third-Party Cookie Deprecation Metadata Grants for Testing | Enabled: this is the default. Allow the third-party cookie grace period to take effect. Disabled: Make Chrome behave as if the grace period is not in effect. |
121 | #tpcd-metadata-grants |
--enable-features=TpcdMetadataGrants
--disable-features=TpcdMetadataGrants |
Third-party Cookie Grants Heuristics Testing | Default: allow heuristics-based
mitigations. Enabled: no effect. (Same as Default.) Disabled: don't allow heuristics-based mitigations. This can be useful for testing that other longer-term fixes (without third-party cookies) are working as expected without heuristics mitigations. Other flag values are as follows. CurrentInteraction : require a user interaction on the
third-party site during the dialog or redirect flow.ShortRedirect redirect heuristic grants cookie access
for 15 minutes: third-party cookies are allowed for redirect
scenarios as described in heuristics-based
mitigations.LongRedirect : redirect heuristic grants cookie access
for 30 days.MainFrame: only popups initiated by the main frame can
enable the redirect heuristic. : popups initiated by any frame
can enable the redirect heuristic. |
120 | #tpcd-heuristics-grants |
--enable-features=TpcdHeuristicsGrants
--disable-features=TpcdHeuristicsGrants
For other values, set the value from chrome://flags ,
restart the browser, then copy the flag value from the Command Line section of the chrome://version page. |
Chrome flags and Chrome settings
Blocking third-party cookies from Chrome user
settings has a different effect
from the default behavior when using Chrome with the
chrome://flags#test-third-party-cookie-phaseout
flag enabled.
With only the flag enabled, third-party cookies are handled as they are for Chrome's Tracking Protection test group: third-party cookies are still allowed in short-term, limited cases to allow critical services to function, and also through the longer-term solutions of CHIPS and the Storage Access API.
If Block all third-party cookies is enabled from
chrome://settings/trackingProtection
(or Block third-party cookies from chrome://settings/cookies
, for those not
in the Tracking Protection group) Chrome does not allow any access to
third-party cookies or other unpartitioned state, unless third-party cookies are
allowed by a Chrome Enterprise CookiesAllowedForUrls
policy, or the user explicitly grants permission:
- Using the eye icon in the address bar (Omnibox).
- Adding an entry under Sites allowed to use third-party cookies on the
chrome://settings/trackingProtection
page. - Adding an entry to Allowed to use third-party cookies on
chrome://settings/cookies
.
If the
BlockThirdPartyCookies
policy is set to false
for a Chrome Enterprise user, they won't be able to
block third-party cookies from chrome://settings
.
Use flag combinations to simulate usage scenarios
Scenario | #tracking-protection-3pcd |
#tpcd-metadata-grants |
---|---|---|
1% testing | Enabled | Disabled |
Grace period registration approved for domain, but no token yet supplied | Enabled | Enabled |
Grace period active, token supplied | Enabled | Disabled |
Grace period no longer active, token supplied | Enabled | [No effect] |
Support
- Report third-party cookie breakage: goo.gle/report-3pc-broken
- Raise an issue in the Privacy Sandbox Developer Support repository: goo.gle/cookies-support