Test for breakage



Web browsers are deprecating third-party cookies, so you need to test your site to see how it performs with third-party cookies blocked. That will help you begin the process of transitioning to alternative solutions.

Chrome flags for testing

The best way to test your site for breakage without third-party cookies in Chrome is to use the third-party cookie phaseout flag. This flag makes Chrome behave as it will be after third-party cookie deprecation, so it's ideal for testing the user experience without cross-site cookies. There are two ways to set the flag:

  • Enable chrome://flags/#test-third-party-cookie-phaseout
  • Run Chrome from the command line with the flag --test-third-party-cookie-phaseout

This flag sets Chrome to block third-party cookies, and ensures that new features and temporary mitigations are active.

You can test your site by browsing with third-party cookies blocked using chrome://settings/cookies, but the phaseout flag ensures that the new and updated features are also enabled. Blocking third-party cookies is a good approach to detecting issues, but doesn't necessarily help you validate you have fixed them.

If you maintain an active test suite for your sites, then you should do two side-by-side runs: one with Chrome on the usual settings, and one with the same version of Chrome launched with the --test-third-party-cookie-phaseout flag. Any test failures in the second run and not in the first are good candidates to investigate for third-party cookie dependencies.

In addition to --test-third-party-cookie-phaseout, there are flags available for specific testing scenarios, such as participation in deprecation trials:

  • All the following flags are supported on Windows, Mac, Linux, ChromeOS, and Android.
  • These flags can be set from the chrome://flags page or from the command line.
  • To set flags for multiple features from the command line with --enable-features or --disable-features, add a comma between each feature name.
  • You can work out the value to use for a command-line flag by setting the flag from chrome://flags, and then viewing Command Line values on the chrome://version page.
chrome://version page with a flag in the Command Line section highlighted
chrome://version page Command Line section, showing custom flag settings

Test with temporary mitigations blocked

When testing your site with the phaseout flag, temporary mitigations such as the third-party cookie deprecation trials and grace period may mean that third-party cookies are not restricted by your site or the third-party services it accesses.

To ensure that temporary mitigations don't mask breakage, you can test your site with flags to block mitigations:

The following table shows how to use these flags, and explains their effect when disabled or enabled.


Name Purpose Min version chrome://flags Command-line flag
Tracking Protection for 3PCD Enabled: turn on Tracking Protection:
• Show the eye icon UI in the address bar (Omnibox) to allow the user to temporarily enable third-party cookies for a site.
• Provide chrome://settings/trackingProtection instead of chrome://settings/cookies		 121 #tracking-protection-3pcd --enable-features=TrackingProtection3pcd

--disable-features=TrackingProtection3pcd
Test Third Party Cookie Phaseout Disabled: this is the default. (No effect.)

Enabled: Restrict third-party cookies and enable Tracking Protection UI to match the behavior of Chrome after third-party cookie phaseout.

This setting overrides the BlockThirdPartyCookies=false Chrome Enterprise policy, but is overridden by content settings, such as those granted by the Storage Access API or the CookiesAllowedForUrls policy.

Flags and settings describes how user settings interact with this flag.		 121 #test-third-party-cookie-phaseout --test-third-party-cookie-phaseout
Third-party Cookie Deprecation Trial Grants for Testing Enabled: this is the default. Allow participation in the Third-party cookie deprecation trial. (This flag no longer needs to be set to Enabled to take part in the trial.)

Disabled: make Chrome behave as if a third-party deprecation trial token has not been provided, even if it has. In other words: disable the third-party deprecation trial. This can be useful for testing that longer-term fixes are working, without third-party cookies, on a site participating in the deprecation trial.

To have an effect, this flag requires #tracking-protection-3pcd to be enabled. 		121 #third-party-cookie-deprecation-trial --enable-features=TpcdSupportSettings

--disable-features=TpcdSupportSettings
Top-Level Third-Party Cookie Deprecation Trial Grants for Testing Enabled: Required to allow the Top-level third-party cookie deprecation trial.

Disabled: as with the third-party trial, make Chrome behave as if a valid trial token has not been provided, even if it has. In other words: disable the first-party deprecation trial. This can be useful for testing that longer-term fixes are working, without third-party cookies, on a site participating in the first-party deprecation trial.		 122 #top-level-third-party-cookie-deprecation-trial --enable-features=TopLevelTpcdSupportSettings

--disable-features=TopLevelTpcdSupportSettings
Third-Party Cookie Deprecation Metadata Grants for Testing Enabled: this is the default. Allow the third-party cookie grace period to take effect.

Disabled: Make Chrome behave as if the [grace period](https://goo.gle/3pcd-grace-period) is not in effect. This can also be used to check that your site has deployed deprecation trial tokens correctly, before the grace period ends (for a site that is subject to the grace period).		 121 #tpcd-metadata-grants --enable-features=TpcdMetadataGrants

--disable-features=TpcdMetadataGrants
Third-party Cookie Phase Out Facilitated Testing Enabled: this is the default. Allow a Chrome-facilitated testing group experiment arm to be set for this Chrome client.

Disabled: don't allow an experiment arm to be set by Chrome.

Other values: manually set a specific experiment arm.

Most developers will need to use one of the Enabled Force settings. These bypass eligibility checks and predictably place the Chrome client into the selected group arm. The Enabled settings allow the client to be included in an experiment arm, but don't force inclusion.		 121 #tpc-phase-out-facilitated-testing --enable-features=CookieDeprecationFacilitatedTesting

--disable-features=CookieDeprecationFacilitatedTesting

For other values, command-line values depend on the setting. For example, to set Enabled Force Control 1:

--enable-features=CookieDeprecationFacilitatedTesting:force_eligible/true/disable_3p_cookies/false/disable_ads_apis/false/label/fake_control_1%2E1/version/9994

If you need to set these values from the command line, it's probably easiest to set the value from chrome://flags, restart the browser, then copy the flag value from the Command Line section of the chrome://version page.
Third-party Cookie Grants Heuristics Testing Default: allow heuristics-based mitigations.

Enabled: no effect. (Same as Default.)

Disabled: don't allow heuristics-based mitigations. This can be useful for testing that other longer-term fixes (without third-party cookies) are working as expected without heuristics mitigations.

Other flag values are as follows.

CurrentInteraction: require a user interaction on the third-party site during the dialog or redirect flow.

ShortRedirect redirect heuristic grants cookie access for 15 minutes: third-party cookies are allowed for redirect scenarios as described in heuristics-based mitigations.

LongRedirect: redirect heuristic grants cookie access for 30 days.

MainFrame:only popups initiated by the main frame can enable the redirect heuristic.

AllFrameInitiator: popups initiated by any frame can enable the redirect heuristic.		 120 #tpcd-heuristics-grants --enable-features=TpcdHeuristicsGrants

--disable-features=TpcdHeuristicsGrants

For other values, set the value from chrome://flags, restart the browser, then copy the flag value from the Command Line section of the chrome://version page.


Chrome flags and Chrome settings

Blocking third-party cookies from Chrome user settings has a different effect from the default behavior when using Chrome with the chrome://flags#test-third-party-cookie-phaseout flag enabled.

With only the flag enabled, third-party cookies are handled as they are for Chrome's Tracking Protection test group: third-party cookies are still allowed in short-term, limited cases to allow critical services to function, and also through the longer-term solutions of CHIPS and the Storage Access API.

If Block all third-party cookies is enabled from chrome://settings/trackingProtection (or Block third-party cookies from chrome://settings/cookies, for those not in the Tracking Protection group) Chrome does not allow any access to third-party cookies or other unpartitioned state, unless third-party cookies are allowed by a Chrome Enterprise CookiesAllowedForUrls policy, or the user explicitly grants permission:

  • Using the eye icon in the address bar (Omnibox).
  • Adding an entry under Sites allowed to use third-party cookies on the chrome://settings/trackingProtection page.
  • Adding an entry to Allowed to use third-party cookies on chrome://settings/cookies.

If the BlockThirdPartyCookies policy is set to false for a Chrome Enterprise user, they won't be able to block third-party cookies from chrome://settings.

Use flag combinations to simulate usage scenarios

Scenario #tracking-protection-3pcd #third-party-cookie-deprecation-trial #tpcd-metadata-grants
1% testing, deprecation trial ignored Enabled Disabled Disabled
Grace period registration approved for domain, but no token yet supplied Enabled Enabled Enabled
Grace period active, token supplied Enabled Enabled Disabled
Grace period no longer active, token supplied Enabled Enabled [No effect]

Support

Find out more