Enterprise-managed Chrome has unique requirements compared to general web usage and Chrome Enterprise administrators have additional controls over third-party cookie access for their users. As with the majority of Chrome experiments, most Chrome Enterprise end users will be excluded from the 1% third-party cookie restrictions automatically. For the users that may still be affected, there are short-term solutions that can be applied while working to remove reliance on third-party cookies. Enterprise solution providers may want to inform IT administrators and end-users about settings and policies to temporarily allow third-party cookies, while working in parallel on longer-term fixes that don't rely on third-party cookies.
Chrome Enterprise policies for third-party cookies
For end users accessing your application through a managed instance of Chrome Enterprise, administrators can set Chrome Enterprise policies to allow third-party cookies for either all or a subset of websites. This will give enterprises and their software providers time to make the changes required to adapt to third-party cookie restrictions in Chrome.
Allow or restrict all third-party cookies
The BlockThirdPartyCookies policy can be used to opt out managed browsers and provide adequate time to make necessary changes to transition away from third-party cookies.
Disabled | Allow web page elements that aren't from the domain that's in the
browser's address bar to set cookies, and prevent users from blocking third-party
cookies from chrome://settings . |
Enabled | Prevent third-party cookies from being set. |
Unset | Allow third-party cookies by default and enable users
to block third-party cookies from chrome://settings . |
Supported on:
- Google Chrome (Linux, Mac, Windows) since version 10
- Google ChromeOS (Google ChromeOS) since version 11
- Google Chrome (Android) since version 83
You can read more in the Chrome Enterprise release notes.
Allow third-party cookies from specific sites or URLs
To allow third-party cookies only on specific sites, add sites to the CookiesAllowedForUrls
policy.
For example, adding *,https://toplevel.example
to the CookiesAllowedForUrls
policy will allow third-party cookies to continue to be set on
https://toplevel.example
.
Guidance for end-users accessing enterprise applications through an unmanaged Chrome instance
In case of site breakage due to third-party cookie restrictions, you can recommend users who are not on a managed Chrome instance to allow third-party cookies in one of two ways:
- Chrome clients in the Tracking Protection test group can temporarily allow third-party cookies for a specific site. Click the eye icon in the Chrome address bar, and enable third-party cookies for the current site.
- Users can
permanently allow third-party cookies for a specific site
from
chrome://settings/cookies
orchrome://settings/trackingProtection
, by adding a site to Sites allowed to use third-party cookies.
Request additional time to migrate away from third-party cookie dependencies
Chrome is providing a grace period to enable sites and services experiencing breakage to request additional time to migrate away from third-party cookies to alternative solutions. Eligible grace period participants will be granted continued access to third-party cookies for a limited time. To be eligible, sites must demonstrate functional breakage in user-facing journeys that are not related to advertising use cases.
Once your site or service is enrolled in the grace period, IT admins and end-users will no longer be required to deploy fixes to allow third-party cookies. The managed Chrome Enterprise policies will be available beyond December 27, 2024.
Report issues
We also intend to provide further reporting and tooling to help identify third-party cookie usage on enterprise sites. We have less visibility of enterprise browsers in Chrome's usage metrics, which means it is especially important for enterprises to test for breakage and report issues to us.