First-Party Sets (FPS) is a way for a company to declare relationships among sites, so that browsers allow limited third-party cookie access for specific purposes.
Many organizations have related sites with different domain names, such as
fly-brandx.com—or domains for different countries such as
example.co.uk and so on.
Imagine a company that helps you book a vacation. The company has two related sites:
drive-brandx.com to separate flights and car hire. Over the course of booking one journey, you can go between these sites to select their different options and you'd expect your shopping cart to remember your choices across these sites.
Related sites like these often rely on cookies to keep you signed in or show you personalized content.
As Chrome moves towards blocking third-party cookies to improve privacy on the web, new mechanisms are needed to enable these experiences to work.
Cookies set by the site you visit—the one shown in the URL bar—are first-party cookies. A site you visit can embed content from other sites, for example, images, ads, and text. Cookies coming from sites other than the current site are third-party cookies.
Defining related sites with First-Party Sets
First-Party Sets (FPS) is a way for a company to declare relationships among sites, so that browsers allow limited third-party cookie access for specific purposes. Chrome will use these declared relationships to decide when to allow or deny a site access to their cookies when in a third-party context.
At a high level, a First-Party Set is a collection of domains, for which there is a single "set primary" and potentially multiple "set members".
First-Party Sets use cases
First-Party Sets are a good match for cases when an organization needs a form of shared identity across different top-level sites. Shared identity in this case means anything from a full single sign-on solution to just needing a shared preference across sites.
An organization may have different top-level domains for:
- Branded domains:
- App domains:
- Country-specific domains to enable localization:
- Service domains that users never directly interact with, but provide services across the same organization's sites:
- Sandbox domains that users never directly interact with, but exist for security reasons: