The cookiestatus.com website is a knowledge sharing resource for the various tracking protection mechanisms implemented by the major browsers and browser engines.
For more information about the service, please consult the FAQ.
Please submit suggestions and corrections as issues in the GitHub project. Click here to find your way.
Last updated: 30 January 2020
Clarify Safari's cookie restrictions in third-party context.
|Mechanism||Shields||n/a||Anti-Tracking||Tracking prevention||Enhanced Tracking Protection (ETP)||Intelligent Tracking Prevention (ITP)|
|Deployed in||0.55.18||n/a||1.30.0||78.0.276.8||69.0||Safari 11|
|Default protection mode||Default Shield settings||n/a||Default Anti-Tracking settings||Balanced||Standard||ITP enabled|
|Classification of “known trackers”||Multiple filter lists||n/a||Algorithmic||Trust Protection Lists (with engagement and organization mitigation)||Disconnect.me||Algorithmic|
|Cookies in 3rd party context||All access restricted.||No restrictions.||Access restricted for known trackers.||Access restricted for known trackers.|
|Cookies in 1st party context||No restrictions.||No restrictions.||No restrictions.|
|Other browser storage in 3rd party context||No restrictions.||No restrictions.||No restrictions.|
|Other browser storage in 1st party context||No restrictions.||No restrictions.||No restrictions.||No restrictions.||No restrictions.||Restricted to 7 days since last interaction (click, tap, text input) on pages with URL decoration (query parameters or fragments) when referring domain is a known tracker.|
|Referrer|| Default browser policy (
||Strip all cross-origin referrers to origin.|| Default browser policy (
|| Default browser policy (
|Other|| Removes known tracking parameters (
||n/a||Algorithmically identify and purge unique user identifiers from requests to third-party domains.||n/a||Automatically block requests to tracking domains that are also listed in the Fingerprinting category of the Disconnect.me list.||n/a|
Last updated: 10 January 2020
isLoggedIn(original explainer and WebKit changeset for experimental feature)
strict-origin-when-cross-origindefault referrer policy
Web browsers are going through fairly momentous shifts in order to better respond to the increasing number of data breaches and cases of data misuse by third parties.
Unfortunately, each browser (and the underlying browser engine) seems to have their own interpretation of how to best tackle the problem, which leads to a diverse set of features across the browser landscape.
What's worse, the information about how these tracking protection mechanisms are deployed is all over the place: in release notes, in developer documentation, in Twitter threads, in working groups, in feature drafts, in bug patches, etc.
The purpose of the Cookie Status resource is to (attempt to) collect this information in one place for easy access and perusal.
There is no commercial agenda behind this project. In fact, there is no agenda other than knowledge transfer.
Just to kick things off. Hopefully the open-source nature of this project will invite others to contribute details about browsers that are doing significant work with regard to user privacy.
Cookie Status doesn't use browser cookies,
sessionStorage is used to add some functionality to navigation (marking visited pages, highlighting search terms).
Nothing in browser storage is sent to any third parties at any time.
If you see anything contrary to the above, please raise an issue about this.
Cookie Status collects a simple pageview hit from the page loads that happen on https://www.cookiestatus.com/. This is simply to gauge the relative “usage” of different parts of the site.
The payload uses an obfuscated User-Agent string, the IP address is anonymized (by removing the last octet before it hits the GA reports), and no persistent identifiers are used or stored.