FAQs

The Privacy Sandbox is a series of proposals to satisfy cross-site use cases without third-party cookies or other tracking mechanisms.

Here you'll find common questions about the Privacy Sandbox. The range of questions is in no way comprehensive, and we expect the list of topics under each heading to grow substantially over time.

Contributions are welcome. If you have a Privacy Sandbox question that's not answered here:

General questions

Why do we need the Privacy Sandbox?

The Privacy Sandbox initiative has two core aims:

  • Develop replacement solutions that support web use cases and business models without allowing users to be tracked across sites, and that avoid cross-site tracking users aren't aware of.
  • Phase out support for third-party cookies and other forms of tracking when new solutions are in place.

Who works on the Privacy Sandbox?

The Privacy Sandbox is a set of proposed web standards.

Chrome and other browser vendors, as well as ad companies and other stakeholders, have offered more than 30 proposals to date. These proposals can be found in the public resources of W3C groups and cover a wide variety of use cases and requirements.

How can I keep track of changes and progress in the Privacy Sandbox?

You can follow the monthly updates to the Progress in the Privacy Sandbox series of articles which also includes an RSS / Atom feed where you can subscribe with your preferred reader.

The article series links to the matching monthly updates to the Privacy Sandbox timeline which shows the current status and schedule for proposals.

These high-level resources provide signposts to changes across the project. To follow an individual proposal in detail, you should:

  • Watch or Star proposal repos on GitHub to get notification of new issues and updates: the Privacy Sandbox status page provides a link to the repo for each proposal
  • Join the associated W3C group for regular meetings discussing the proposal detail
  • Star the associated entry on Chrome Platform Status for email updates on Chrome implementation changes

How can I get involved?

For questions about specific APIs, you can file an issue on the GitHub repo for an API Explainer.

Can you define the terminology in the API explainers?

Yes, refer to the Privacy Sandbox glossary.

When will the Privacy Sandbox APIs be implemented?

The Privacy Sandbox timeline shows the roadmap to phase out third-party cookies. Additional current information for individual APIs is available on the implementation status page.

Are the Privacy Sandbox APIs in Chromium or Chrome?

The APIs are implemented in Chromium, which is the open-source browser used to make Chrome. Code for the Privacy Sandbox APIs can be accessed via Chromium Code Search.

You can download Chromium, then run it with flags to allow access to APIs that are in the process of implementation.

How can I try Privacy Sandbox APIs that aren't yet turned on by default?

As an API progresses through development in Chrome, there are multiple ways it may be made available for testing.

  • For a single user via command line flags
    Early features may often provide a specific command line flag to allow a developer to launch the browser with the new feature enabled.
  • For a single user via chrome://flags
    As a feature progresses, it's often made available via an experimental flag within the more accessible chrome://flags interface. These flags can also be enabled via the command line. chrome://flags#enable-experimental-web-platform-features bundles together current experimental features.
  • For your users, in an origin trial
    Once an iteration of a new feature is code-complete and relatively stable, an origin trial may be provided to allow individual sites to turn on the feature for Chrome users on their site. If an origin trial is available for an API you want to test with your users, register for the origin trial and provide a valid trial token with every page load.
  • For users of early Chrome releases
    When a feature is approved to ship in a given release, it will progress through Canary and Beta channels before it reaches Stable. The feature will be turned on by default for all users of those channels.
Caution

Chrome offers users the ability to opt-out of Privacy Sandbox trials in browser settings. Users who opt-out will not have Privacy Sandbox features turned on, even on pages which provide a valid origin trial token.

I registered for an origin trial, but the API isn't working on my site

See Troubleshooting Chrome's origin trials.

Will Privacy Sandbox origin trials work in Chromium or other browsers?

Chrome origin trials are designed to work for Chrome users. Don't rely on Chrome origin trial tokens to allow trial features in other browsers, including Chromium, and other Chromium-based browsers.

For more detailed information, see Troubleshooting Chrome's origin trials.

Chrome on iOS and iPadOS does not support Chrome origin trials.

Can a site participate in origin trials but opt-out of using a feature in specific geographic regions?

In short, no, you cannot opt-out of an origin trial for specific regions. Origin trials are active on pages which contain the token, included via HTTP headers (server-side) or HTML meta tags (client-side).

If you can determine the user's location, then you could write code which opts to include the origin trial token based on that location information. For example, you could attempt to use IP addresses to determine a user's location. IP addresses can be spoofed, so this is not a guaranteed solution.

However, a geographic-specific origin can set a Permissions Policy to control what features are usable. For example, us.example.com and uk.example.com are geographic-specific origins which can be controlled. This does not mean that a region has opted-out of the origin trial.

With a Permissions Policy, a site adds a little snippet of code to their pages that provides instructions to the browser. When the page loads, the browser reads the Permissions Policy instructions and will allow or block features (or APIs) as outlined in the Permissions Policy. If a site wants to restrict an API in a specific region, the developer could set a policy for all pages requested from that region.

Warning

Users may choose to visit an origin from a region that's different from where they are. In other words, a user in the United States may be able to visit uk.example.com. Those users would see features and functions for the United States site that were blocked for the United Kingdom site.

Trust Tokens

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the proposal repo.
  • For origin trial questions: file a Chromium bug or respond to the feedback form that is sent to you as an origin trial participant.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

Is tooling available for Trust Tokens?

Chrome DevTools turns on trust token inspection from the Network and Application tabs: read Getting started with Trust Tokens.

How do publishers handle tokens from multiple trusted issuers?

The publisher can check a user's browser for valid tokens with document.hasTrustToken() for one issuer at a time. If this returns true and a token is available, the publisher can redeem the token and stop looking for other tokens.

The publisher must decide which token issuers to check and in what order.

Topics

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the proposal repo.
  • For questions about the implementation currently available to test in Chrome: file a Chromium bug.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

Can I opt out of topic calculation for specific pages on my site?

Yes. Include the Permissions-Policy: browsing-topics=() header on a page to prevent topics calculation for all users on that page only. Subsequent visits to other pages on your site will not be affected. If you set a policy to block the Topics API on one page, this won't affect other pages.

Topics are only inferred from the hostname and not from the URL path.

Can I control which third parties have access to topics on my page?

Yes. You can use the Permissions Policy header to control third-party access to the Topics API on your page. Use self and any domains you would like to allow access to the API as parameters.

For example, to completely disable use of the Topics API within all browsing contexts except for your own origin and those whose origin is https://example.com, set the following HTTP response header: Permissions-Policy: browsing-topics=(self "https://example.com")
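
The Permissions Policy answers above (a policy per geographic-specific origin, an opt-out for single pages, and an allowlist of third parties) can be served from one place. The following is an added example, not code from the original page: the host names, paths, allowlist and function names are assumptions, and the origin check is there so that a malformed configuration entry never reaches the response header.

```javascript
// Added example, not from the original page. Hosts, paths and the allowlist are constructed.
const BLOCKED_HOSTS = new Set(['uk.example.com']);      // regional origin with Topics off
const BLOCKED_PATHS = new Set(['/account/settings']);   // single pages opted out
const ALLOWED_THIRD_PARTIES = ['https://example.com'];  // third parties that may call Topics

// Accept only a canonical, bare https origin, so a path, a quote or a line
// break in configuration can never end up inside the response header.
function toOrigin(value) {
  const bare = /^https:\/\/[a-z0-9.-]+(:\d+)?$/.test(value);
  if (!bare || new URL(value).origin !== value) {
    throw new Error(`not a bare https origin: ${JSON.stringify(value)}`);
  }
  return value;
}

// Returns the Permissions-Policy value for one response.
// The decision uses the origin that serves the page, not the user's location.
function topicsPolicy(host, path, allowed = ALLOWED_THIRD_PARTIES) {
  const hostname = host.toLowerCase().split(':')[0];     // drop an optional port
  if (BLOCKED_HOSTS.has(hostname) || BLOCKED_PATHS.has(path)) {
    return 'browsing-topics=()';                         // empty allowlist: blocked for everyone
  }
  const quoted = allowed.map((origin) => `"${toOrigin(origin)}"`);
  return `browsing-topics=(${['self', ...quoted].join(' ')})`;
}

// Usage with Node's built-in http module (commented out so the block has no side effects):
// http.createServer((req, res) => {
//   const path = new URL(req.url, 'https://placeholder.invalid').pathname;
//   res.setHeader('Permissions-Policy', topicsPolicy(req.headers.host || '', path));
//   res.end('ok');
// });
```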

Can the Topics API be used on websites with prebid.js?

Yes. Topics are available to API callers when the document.browsingTopics() call to access topics is made from a document with the same origin as the call to observe topics.

For example, a call to observe topics could be made from an iframe whose src is same-origin as the source of the Topics API call to access topics. You can try out an example at topics-demo.glitch.me.

FLEDGE

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the proposal repo.
  • For questions about the implementation currently available to test in Chrome: file a Chromium bug.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

What's the difference between FLEDGE and TURTLEDOVE?

FLEDGE is the first experiment to be implemented in Chromium within the TURTLEDOVE family of proposals. The differences mostly pertain to separation of the on-device role of the ad buyer and seller:

FLEDGE allows a 'trusted server' to provide access to real-time data used by a worklet in bidding, without compromising privacy. Each interest group can have a trusted_bidding_signals_url and trusted_bidding_signals_keys attribute.

At auction time, the browser communicates with the trusted server to fetch the values for those keys, and then makes those values available to the generate_bid() function. The advertiser (ad buyer) can store additional metadata, along with the interest group, to improve on-device bidding.

Can the Topics API be used with the FLEDGE API?

Yes. An observed topic for the current user, provided by the Topics API, could be used as contextual information by a seller or bidder. A topic could be included in the following properties:

  • auctionSignals, a property of the auction configuration object passed to navigator.runAdAuction()
  • userBiddingSignals, a property of the interest group configuration object passed to navigator.joinAdInterestGroup()

Attribution Reporting

How can I ask a question about this feature?

Is Attribution Reporting the same as the Event Conversion Measurement API?

Yes. The name was changed, as the original event-level scope expanded to cover additional measurement use cases.

First-Party Sets

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the proposal repo.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

What does 'sharded' mean in the context of First-Party Sets?

The registrable domains, or "First-Party Set," is not joined across domains.

For example, a.example, b.example, and c.example are not inherently part of a first-party set owned by any one domain. The owner domain must serve a manifest file which defines the relationship to other domains.

User-Agent Client Hints (UA-CH)

How can I ask a question about this feature?

  • For questions about the API: create an issue on the specification repo.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

How can I detect tablet devices with the UA-CH API?

As the line between mobile, tablet, and desktop devices continues to become less distinct and dynamic form-factors are more common (folding screens, switching between laptop and tablet mode), it's advisable to use responsive design and feature detection to present an appropriate user interface.

However, information provided by the browser for both the User-Agent string and User-Agent Client Hints comes from the same source, so the same forms of logic should work.

For example, if this pattern is checked on the UA string:

  • Phone pattern: 'Android' + 'Chrome/[.0-9]* Mobile'
  • Tablet pattern: 'Android' + 'Chrome/[.0-9]* (?!Mobile)'

The matching default UA-CH headers interface may be checked:

  • Phone pattern: Sec-CH-UA-Platform: "Android", Sec-CH-UA-Mobile: ?1
  • Tablet pattern: Sec-CH-UA-Platform: "Android", Sec-CH-UA-Mobile: ?0

Or the equivalent JavaScript interface:

  • Phone pattern: navigator.userAgentData.platform === 'Android' && navigator.userAgentData.mobile === true
  • Tablet pattern: navigator.userAgentData.platform === 'Android' && navigator.userAgentData.mobile === false

For hardware-specific use-cases, the device model name can be requested via the high entropy Sec-CH-UA-Model hint.
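
The phone and tablet checks above, applied server-side to the request headers, with the UA-string patterns as a fallback when the hints are missing (for example on a non-secure connection, where Client Hints are not sent). This is an added example, not code from the original page; the function names and the sample header values used with it are constructed.

```javascript
// Added example, not from the original page.
// UA-string patterns from the FAQ answer above.
const PHONE_UA = /Chrome\/[.0-9]* Mobile/;
const TABLET_UA = /Chrome\/[.0-9]* (?!Mobile)/;

// Sec-CH-UA-Platform is a structured-field string, for example "Android".
function parseSfString(value) {
  const m = /^"((?:[^"\\]|\\.)*)"$/.exec((value || '').trim());
  return m ? m[1].replace(/\\(.)/g, '$1') : null;
}

// Sec-CH-UA-Mobile is a structured-field boolean: ?1 or ?0.
function parseSfBoolean(value) {
  const t = (value || '').trim();
  if (t === '?1') return true;
  if (t === '?0') return false;
  return null;
}

// headers: object with lower-cased header names, as Node's http module provides.
// Every value here is chosen by the client, so the result is a layout hint
// only and should not feed any access or trust decision.
function classifyAndroidFormFactor(headers) {
  const platform = parseSfString(headers['sec-ch-ua-platform']);
  const mobile = parseSfBoolean(headers['sec-ch-ua-mobile']);
  if (platform !== null && mobile !== null) {
    if (platform !== 'Android') return { formFactor: 'other', source: 'ua-ch' };
    return { formFactor: mobile ? 'phone' : 'tablet', source: 'ua-ch' };
  }
  // Hints absent or malformed: fall back to the User-Agent string.
  const ua = headers['user-agent'] || '';
  let formFactor = 'other';
  if (ua.includes('Android')) {
    if (PHONE_UA.test(ua)) formFactor = 'phone';
    else if (TABLET_UA.test(ua)) formFactor = 'tablet';
  }
  return { formFactor, source: 'ua-string' };
}
```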

How long will hints specified via the Accept-CH header be sent?

Hints specified via the Accept-CH header will be sent for the duration of the browser session or until a different set of hints are specified.

Does UA-CH work with HTTP/2 and HTTP/3?

UA-CH works with both HTTP/2 and HTTP/3 connections.

Caution

Client Hints are only sent over secure connections, so make sure your site uses HTTPS.

Do subdomains (and CNAMEs) require a top-level page Permissions-Policy to access high entropy UA-CH?

High-entropy UA-CH on request headers are restricted on cross-origin requests regardless of how that origin is defined on the DNS side. Delegation must be handled via Permissions-Policy for any cross-origin subresource or obtained via JavaScript which executes in the cross-origin context.

How does User-Agent reduction affect bot detection?

Chrome's change to its user-agent string does not directly impact the user-agent string that a bot chooses to send.

Bots may choose to update their own strings to reflect the reduced information Chrome sends, but that is entirely their implementation choice. Chrome is still sending the same user-agent format, and bots that append their own identifier to the end of a Chrome user-agent string can continue to do so.

For any concerns with specific bots, it may be worth reaching out directly to the owners to ask if they have any plans to change their user-agent string.

Shared storage

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the proposal repo.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

CHIPS

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the proposal repo.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

Storage Partitioning

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the repo for the proposal explainer.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

Fenced frames

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the proposal repo.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

What are the use cases for fenced frames?

The API proposes a new form of embedded document that will allow new APIs to isolate themselves from their embedders. This prevents cross-site recognition.

For ads use cases, see Fenced frames for Ads Design Doc.

Network State Partitioning

How can I ask a question about this feature?

  • For questions about the specification: create an issue on the repo for the explainer.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

FedCM

How can I ask a question about this feature?

  • For questions about the proposal: create an issue on the proposal repo.
  • For implementation, integration, and general best practice questions: create an issue on the Privacy Sandbox developer support repo.

What is FedCM?

FedCM (Federated Credential Management) is a proposal for a privacy-preserving approach to federated identity services (such as "Sign in with ...") where users can log into sites without sharing their personal information with the identity service or the site.

FedCM is still in incubation in the W3C.
