Test for breakage



Test your site to see how it performs without third-party cookies. That will help you begin the process of transitioning to alternative solutions.

Chrome flags for testing

The best way to test your site for breakage without third-party cookies in Chrome is to use the test-third-party-cookie-phaseout flag. This flag makes Chrome behave as it does when third-party cookies are restricted, so it's ideal for testing the user experience without cross-site cookies. There are two ways to set the flag:

  • Enable chrome://flags/#test-third-party-cookie-phaseout
  • Run Chrome from the command line with the flag --test-third-party-cookie-phaseout

This flag sets Chrome to block third-party cookies, and ensures that new features and temporary mitigations are active.

You can test your site by browsing with third-party cookies blocked using chrome://settings/cookies, but the phaseout flag ensures that the new and updated features are also enabled. Blocking third-party cookies is a good approach to detecting issues, but doesn't necessarily help you validate you have fixed them.

If you maintain an active test suite for your sites, then you should do two side-by-side runs: one with Chrome on the usual settings, and one with the same version of Chrome launched with the --test-third-party-cookie-phaseout flag. Any test failures in the second run and not in the first are good candidates to investigate for third-party cookie dependencies.

In addition to --test-third-party-cookie-phaseout, there are flags available for specific testing scenarios:

  • All the following flags are supported on Windows, Mac, Linux, ChromeOS, and Android.
  • These flags can be set from the chrome://flags page or from the command line.
  • To set flags for multiple features from the command line with --enable-features or --disable-features, add a comma between each feature name.
  • You can work out the value to use for a command-line flag by setting the flag from chrome://flags, and then viewing Command Line values on the chrome://version page.
chrome://version page with a flag in the Command Line section highlighted
chrome://version page Command Line section, showing custom flag settings

Test with temporary mitigations blocked

When testing your site with the phaseout flag, temporary mitigations and Chrome's third-party cookie grace period may mean that third-party cookies are not restricted by your site or the third-party services it accesses.

The following table shows how to use Chrome flags for testing, and explains their effect when disabled or enabled.


Name Purpose Min version chrome://flags Command-line flag
Tracking Protection for 3PCD Enabled: turn on Tracking Protection:
• Show the eye icon UI in the address bar (Omnibox) to allow the user to temporarily enable third-party cookies for a site.
• Provide chrome://settings/trackingProtection instead of chrome://settings/cookies
121 #tracking-protection-3pcd --enable-features=TrackingProtection3pcd

--disable-features=TrackingProtection3pcd
Test Third Party Cookie Restrictions Disabled: this is the default. (No effect.)

Enabled: Restrict third-party cookies and enable the Tracking Protection UI.

This setting overrides the BlockThirdPartyCookies=false Chrome Enterprise policy, but is overridden by content settings, such as those granted by the Storage Access API or the CookiesAllowedForUrls policy.

Flags and settings describes how user settings interact with this flag.
121 #test-third-party-cookie-phaseout --test-third-party-cookie-phaseout
Third-party Cookie Facilitated Testing Enabled: this is the default. Allow a Chrome-facilitated testing group experiment arm to be set for this Chrome client.

Disabled: don't allow an experiment arm to be set by Chrome.

Other values: manually set a specific experiment arm.

Most developers will need to use one of the Enabled Force settings. These bypass eligibility checks and predictably place the Chrome client into the selected group arm. The Enabled settings allow the client to be included in an experiment arm, but don't force inclusion.
121 #tpc-phase-out-facilitated-testing --enable-features=CookieDeprecationFacilitatedTesting

--disable-features=CookieDeprecationFacilitatedTesting

For other values, command-line values depend on the setting. For example, to set Enabled Force Control 1:

--enable-features=CookieDeprecationFacilitatedTesting:force_eligible/true/disable_3p_cookies/false/disable_ads_apis/false/label/fake_control_1%2E1/version/9994

If you need to set these values from the command line, it's probably easiest to set the value from chrome://flags, restart the browser, then copy the flag value from the Command Line section of the chrome://version page.
Third-Party Cookie Deprecation Metadata Grants for Testing Enabled: this is the default. Allow the third-party cookie grace period to take effect.

Disabled: Make Chrome behave as if the grace period is not in effect.
121 #tpcd-metadata-grants --enable-features=TpcdMetadataGrants

--disable-features=TpcdMetadataGrants
Third-party Cookie Grants Heuristics Testing Default: allow heuristics-based mitigations.

Enabled: no effect. (Same as Default.)

Disabled: don't allow heuristics-based mitigations. This can be useful for testing that other longer-term fixes (without third-party cookies) are working as expected without heuristics mitigations.

Other flag values are as follows.

CurrentInteraction: require a user interaction on the third-party site during the dialog or redirect flow.

ShortRedirect redirect heuristic grants cookie access for 15 minutes: third-party cookies are allowed for redirect scenarios as described in heuristics-based mitigations.

LongRedirect: redirect heuristic grants cookie access for 30 days.

MainFrame:only popups initiated by the main frame can enable the redirect heuristic.

AllFrameInitiator
: popups initiated by any frame can enable the redirect heuristic.
120 #tpcd-heuristics-grants --enable-features=TpcdHeuristicsGrants

--disable-features=TpcdHeuristicsGrants

For other values, set the value from chrome://flags, restart the browser, then copy the flag value from the Command Line section of the chrome://version page.


Chrome flags and Chrome settings

Blocking third-party cookies from Chrome user settings has a different effect from the default behavior when using Chrome with the chrome://flags#test-third-party-cookie-phaseout flag enabled.

With only the flag enabled, third-party cookies are handled as they are for Chrome's Tracking Protection test group: third-party cookies are still allowed in short-term, limited cases to allow critical services to function, and also through the longer-term solutions of CHIPS and the Storage Access API.

If Block all third-party cookies is enabled from chrome://settings/trackingProtection (or Block third-party cookies from chrome://settings/cookies, for those not in the Tracking Protection group) Chrome does not allow any access to third-party cookies or other unpartitioned state, unless third-party cookies are allowed by a Chrome Enterprise CookiesAllowedForUrls policy, or the user explicitly grants permission:

  • Using the eye icon in the address bar (Omnibox).
  • Adding an entry under Sites allowed to use third-party cookies on the chrome://settings/trackingProtection page.
  • Adding an entry to Allowed to use third-party cookies on chrome://settings/cookies.

If the BlockThirdPartyCookies policy is set to false for a Chrome Enterprise user, they won't be able to block third-party cookies from chrome://settings.

Use flag combinations to simulate usage scenarios

Scenario #tracking-protection-3pcd #tpcd-metadata-grants
1% testing Enabled Disabled
Grace period registration approved for domain, but no token yet supplied Enabled Enabled
Grace period active, token supplied Enabled Disabled
Grace period no longer active, token supplied Enabled [No effect]

Support

Find out more