Shared Storage

Allow access to unpartitioned cross-site data in a secure environment.

Published on Updated on

Translated to: 日本語

Implementation status

This document outlines a new proposal for unpartitioned storage: the Shared Storage API.

Why do we need this API?

To prevent cross-site user tracking, browsers are partitioning all forms of storage (cookies, localStorage, caches, etc). However, there are a number of legitimate use cases that rely on unpartitioned storage which would be impossible without help from new web APIs. For example, an advertiser may want to measure reach of an ad campaign across different sites, while preserving individual user privacy and identity.

The proposed Shared Storage API will allow sites to store and access unpartitioned cross-site data. This data must be read in a secure environment to prevent leakage. This API will work in combination with other proposals, such as Trust Tokens, Fenced Frames, and others.

Who is this for?

Many different organizations may benefit from using the Shared Storage API. For example:

  • Adtechs to solve many common ads use cases which currently rely on third-party cookies.
  • Payments providers to understand if the user is an existing customer and tailor the checkout experience.
  • Web security companies who use custom on-device logic to flag suspicious or dangerous behavior.

Use cases for Shared Storage

The Shared Storage API intends to support many use cases, replacing several existing uses for third-party cookies. This may include:

  • Recording aggregated statistics, such as demographics, reach, frequency measurement, and conversion measurement with the Private Aggregation API
  • Frequency capping
  • Lift experiments
  • A/B experiments
  • Creative rotation
  • Confirm login for payment provider
  • User consent status

The proposal intends to create a general purpose API which supports many possible future use cases. This allows for further experimentation and change, to grow alongside the web ecosystem.

How will shared storage work?

Shared storage will allow you to make informed decisions based on cross-site data, without sharing user information (such as browser history or other personal details) with an embedding site. You can write to shared storage at any time, like other JavaScript storage APIs (like localStorage or indexedDB). Unlike the other storage APIs, you can only read the shared storage values in a secure environment, known as a shared storage worklet.

The shared storage data can be used for:

  • URL selection: you can run a worklet script to select a URL from a provided list, based on the stored data, and then render that URL in a fenced frame. The returned URL will be an opaque URL, which means the developer and other viewers of the code won't know which URL was selected.
  • Noisy aggregation of cross-site data: you will be able to run a worklet script to send your data through the Private Aggregation API, a Privacy Sandbox proposal, which returns a privacy-preserving report.

Try the Shared Storage API

Shared Storage API with Fenced Frames can be tested in Chrome 104 (version 104.0.5086.0 or later) by enabling the Privacy Sandbox Ads APIs experiment flag at chrome://flags/#privacy-sandbox-ads-apis.

Set Privacy Sandbox Ads APIs experiment to enabled to use these APIs

Check out the example use cases and code samples.

Engage and share feedback

The shared storage proposal is under active discussion and subject to change in the future. If you try this API and have feedback, we'd love to hear it.

Last updated: Improve article

We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.