Extensions can store cookies and access web storage APIs similarly to a normal website. However, in some cases these behave differently in extensions.
chrome.storage for information on the extension API.
It is often desirable to use web platform storage APIs in extensions. This section explores the behavior of these APIs in an extension context, which can sometimes differ with how they behave on the web.
By default, extensions are subject to the normal quota restrictions on storage, which can be checked
navigator.storage.estimate(). Storage can also be evicted under
heavy memory pressure, although this is rare. To avoid this:
- Request the
"unlimitedStorage"permission, which affects both extension and web storage APIs and exempts extensions from both quota restrictions and eviction.
navigator.storage.persist()for protection against eviction.
Extension storage is shared across the extension's origin including the extension service worker, any extension pages (including popups and the side panel), and offscreen documents. In content scripts, calling web storage APIs accesses data from the host page the content script is injected on and not the extension.
Access in service workers
If you need to access Local Storage or Session Storage from the service worker, use an offscreen document.
Partitioning is where keys are introduced for stored data to limit where it can be accessed. Storage has historically been keyed by origin.
Starting in Chrome 115, storage partitioning introduces changes to how partitioning keys are defined to prevent certain types of cross-site tracking. In practice, this means that if site A embeds an iframe containing site B, site B will not be able to access the same storage it would usually have when navigated to directly.
To mitigate the impact of this in extensions, two exemptions apply:
- If a page with the
chrome-extension://scheme is embedded in any site, storage partitioning will not apply, and the extension will have access to its top-level partition.
- If a page with the
chrome-extension://scheme includes an iframe, and the extension has host permissions for the site it is embedding, that site will also have access to its top-level partition.
Cookies provide a way to store key-value pairs associated with a specific domain and path. They have limited value in extensions but understanding their behavior can be useful if you have a specific use case or have bundled a third-party script which uses them in its implementation.
Secure cookie attribute is only supported for the
chrome-extension:// pages are not able to set cookies with this attribute.
This also means that extension pages cannot use other cookie attributes where the
Secure attribute is
Partitioning and SameSite behavior
Cookies set on chrome-extension:// pages always use
Consequently, cookies set by an extension on its own origin can never be
accessed in frames and partitioning is not relevant.
For cookies associated with third-party sites, such as for a third-party site loaded in a frame on an extension page, or a request made from an extension page to a third-party origin, cookies behave the same as the web except in two ways:
- Third-party cookies are never blocked even in subframes if the top-level page
for a given tab is a
- Requests from an extension to a third-party are treated as same-site if the
extension has host permissions for the third-party. This means
SameSite=Strictcookies can be sent. Note that this only applies to network requests, not access through
Note that settings around third-party cookies are affected by the Privacy Sandbox work and are adjusted according to its timeline.