Chrome Enterprise third-party cookie policies

Enterprise-managed Chrome has unique requirements compared to general web usage and Chrome Enterprise administrators have additional controls over third-party cookie access for their users. As with the majority of Chrome experiments, most Chrome Enterprise end users will be excluded from the 1% third-party cookie restrictions automatically. For the users that may still be affected, there are short-term solutions that can be applied while working to remove reliance on third-party cookies. Enterprise solution providers may want to inform IT administrators and end-users about settings and policies to temporarily allow third-party cookies, while working in parallel on longer-term fixes that don't rely on third-party cookies.

Chrome Enterprise policies for third-party cookies

For end users accessing your application through a managed instance of Chrome Enterprise, administrators can set Chrome Enterprise policies to allow third-party cookies for either all or a subset of websites. This will give enterprises and their software providers time to make the changes required to adapt to third-party cookie restrictions in Chrome.

Allow or restrict all third-party cookies

The BlockThirdPartyCookies policy can be used to opt out managed browsers and provide adequate time to make necessary changes to transition away from third-party cookies.

DisabledAllow web page elements that aren't from the domain that's in the browser's address bar to set cookies, and prevent users from blocking third-party cookies from chrome://settings.
EnabledPrevent third-party cookies from being set.
UnsetAllow third-party cookies by default and enable users to block third-party cookies from chrome://settings.

Supported on:

  • Google Chrome (Linux, Mac, Windows) since version 10
  • Google ChromeOS (Google ChromeOS) since version 11
  • Google Chrome (Android) since version 83

You can read more in the Chrome Enterprise release notes.

Allow third-party cookies from specific sites or URLs

To allow third-party cookies only on specific sites, add sites to the CookiesAllowedForUrls policy.

For example, adding *,https://toplevel.example to the CookiesAllowedForUrls policy will allow third-party cookies to continue to be set on https://toplevel.example.

Guidance for end-users accessing enterprise applications through an unmanaged Chrome instance

In case of site breakage due to third-party cookie restrictions, you can recommend users who are not on a managed Chrome instance to allow third-party cookies in one of two ways:

Chrome has launched first-party and third-party depreciation trials to give sites and services additional time to migrate away from third-party cookie dependencies. Enterprise SaaS integrations may be eligible.

Chrome is providing a grace period for eligible origins registered for the deprecation trials. During the grace period, participants will have access to third-party cookies in Chrome even if they have not yet deployed their trial tokens. Sites and services are expected to deploy their deprecation trial tokens by the end of the grace period to maintain access to third-party cookies for the remainder of the deprecation trial.

Once your site or service is enrolled in the grace period or your deprecation trial tokens are deployed, IT admins and end-users will no longer be required to deploy fixes to allow third-party cookies. The deprecation trial ends December 27, 2024: reliance on third-party cookies should be removed before this date. The managed Chrome Enterprise policies will be available beyond December 27, 2024.

Report issues

We also intend to provide further reporting and tooling to help identify third-party cookie usage on enterprise sites. We have less visibility of enterprise browsers in Chrome's usage metrics, which means it is especially important for enterprises to test for breakage and report issues to us.