🍪
SameSite Cookie
Web Security
A cookie setting that reduces cross-site tracking and CSRF risk.
Definition
SameSite is a cookie attribute, set in the Set-Cookie header, that tells the browser whether to attach the cookie to requests that originate from a different site. It takes one of three values: Strict (never sent on cross-site requests), Lax (sent cross-site only on top-level navigations that use a safe method such as GET), or None (always sent, and only valid when the Secure attribute is also present).
In plain English
A cookie setting that keeps a cookie at home: the browser withholds it from requests triggered by other sites, which cuts down on both cross-site tracking and CSRF.
Why this matters
Why it matters: CSRF works because the browser attaches the victim's session cookie to a request that an attacker's page triggers. Strict and Lax stop that for cross-site POSTs, fetches, and embedded resources, and they also deny third-party tracking cookies that ride along with embedded content. Lax still sends the cookie on top-level GET navigations, so endpoints that change state on GET remain exposed; treat SameSite as defense in depth alongside anti-CSRF tokens, not as a replacement. Chromium-based browsers treat a cookie with no SameSite attribute as Lax, but set the attribute explicitly rather than relying on browser defaults.
Example
Example: A login cookie is set with Set-Cookie: session=abc123; SameSite=Lax; Secure; HttpOnly. When a page on another site submits a hidden form via POST to the application, or loads one of its URLs as an image or fetch, the browser leaves the cookie out and the forged request arrives unauthenticated. When the user clicks an ordinary link to the application from that other site, the top-level GET navigation carries the cookie, so they still land logged in.
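The decision rules described above, modelled in a small JavaScript simulation. This is an added example, not code from the original page: it builds a Set-Cookie header that enforces the None-requires-Secure rule, and decides whether a browser would attach a cookie to a given request. The `registrableDomain` helper is a deliberate simplification (last two host labels) standing in for the Public Suffix List that real browsers use; the scenario origins are constructed for illustration.

```javascript
// Added example: a minimal model of the browser's SameSite decision.
// Assumption: registrableDomain() approximates eTLD+1 with the last two
// labels; real browsers consult the Public Suffix List.
function registrableDomain(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Schemeful same-site: scheme and registrable domain must both match.
function isSameSite(initiatorOrigin, targetOrigin) {
  const a = new URL(initiatorOrigin);
  const b = new URL(targetOrigin);
  return a.protocol === b.protocol &&
    registrableDomain(a.hostname) === registrableDomain(b.hostname);
}

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// cookie:  { sameSite: 'Strict' | 'Lax' | 'None', secure: boolean }
// request: { initiator: origin string or null (typed URL / bookmark),
//            target: origin string, method: string, topLevelNavigation: boolean }
function cookieWouldBeSent(cookie, request) {
  const target = new URL(request.target);
  if (cookie.secure && target.protocol !== 'https:') return false;
  if (cookie.sameSite === 'None') return true;          // validated at set time
  if (request.initiator === null) return true;          // no cross-site initiator
  if (isSameSite(request.initiator, request.target)) return true;
  if (cookie.sameSite === 'Strict') return false;
  // Lax: cross-site only for top-level navigations with a safe method.
  return request.topLevelNavigation && SAFE_METHODS.has(request.method.toUpperCase());
}

// Builds the Set-Cookie header value; refuses SameSite=None without Secure,
// which browsers would silently reject.
function buildSetCookie(name, value, opts = {}) {
  const { sameSite = 'Lax', secure = false, httpOnly = true, path = '/' } = opts;
  if (!['Strict', 'Lax', 'None'].includes(sameSite)) throw new Error('bad SameSite value');
  if (sameSite === 'None' && !secure) throw new Error('SameSite=None requires Secure');
  const parts = [`${name}=${value}`, `Path=${path}`, `SameSite=${sameSite}`];
  if (secure) parts.push('Secure');
  if (httpOnly) parts.push('HttpOnly');
  return parts.join('; ');
}

// Constructed scenarios: attacker page on evil.example targeting bank.example.
const lax = { sameSite: 'Lax', secure: true };
const strict = { sameSite: 'Strict', secure: true };
const BANK = 'https://bank.example';
const EVIL = 'https://evil.example';

function scenarios() {
  return {
    // Hidden form auto-submitted by the attacker's page: CSRF attempt.
    laxCrossSitePost: cookieWouldBeSent(lax, {
      initiator: EVIL, target: BANK, method: 'POST', topLevelNavigation: true }),
    // Ordinary link click from the attacker's page: user stays logged in.
    laxCrossSiteLinkClick: cookieWouldBeSent(lax, {
      initiator: EVIL, target: BANK, method: 'GET', topLevelNavigation: true }),
    // Background fetch or <img> from the attacker's page: not top-level.
    laxCrossSiteFetch: cookieWouldBeSent(lax, {
      initiator: EVIL, target: BANK, method: 'GET', topLevelNavigation: false }),
    // Strict drops the cookie even on the link click.
    strictCrossSiteLinkClick: cookieWouldBeSent(strict, {
      initiator: EVIL, target: BANK, method: 'GET', topLevelNavigation: true }),
    // Subdomain of the same registrable domain is same-site, so POST is fine.
    laxSubdomainPost: cookieWouldBeSent(lax, {
      initiator: 'https://app.bank.example', target: BANK, method: 'POST', topLevelNavigation: false }),
    // http:// initiator to https:// target is cross-site under schemeful same-site.
    laxHttpToHttpsPost: cookieWouldBeSent(lax, {
      initiator: 'http://bank.example', target: BANK, method: 'POST', topLevelNavigation: true }),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(buildSetCookie('session', 'abc123', { sameSite: 'Lax', secure: true }));
  console.log(scenarios());
}
```

The cross-site POST and the background fetch are the CSRF shapes that Lax defeats; the link-click case is the one it deliberately lets through, which is why state-changing GET endpoints still need a CSRF token.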