What is the Privacy Sandbox?

The Privacy Sandbox is a series of proposals to satisfy cross-site use cases without third-party cookies or other tracking mechanisms.


Why do we need the Privacy Sandbox?

The Privacy Sandbox initiative has two core aims:

  • Develop replacement solutions that support web use cases and business models without enabling users to be tracked across sites, and that avoid cross-site tracking users aren't aware of.
  • Phase out support for third-party cookies when new solutions are in place.

What are the Privacy Sandbox proposals?

Chrome and other ecosystem stakeholders have offered more than 30 proposals to date, which can be found in the public resources of W3C groups. These proposals cover a wide variety of use cases and requirements.

The key proposals are listed below.

Some items below link to API explainers or other resources.

Over the coming months, we'll add more posts within this site to summarize external content.

Strengthen cross-site privacy boundaries

  • First-Party Sets: Allow related domain names owned by the same entity to declare themselves as belonging to the same first party.
  • Shared Storage: Proposal for a general-purpose, low-level API that can serve a number of legitimate use cases that currently rely on unpartitioned storage (which is being deprecated).
  • CHIPS: As with First-Party Sets, this proposal addresses use cases around partitioning, and how cross-origin interactions and sharing might be enabled, where it makes sense, and how this can be kept safe. The core aim is to allow cookies to be set by a third-party service, but only read within the context of the top-level site where they were initially set. A partitioned third-party cookie is tied to the top-level site where it was initially set and cannot be accessed from elsewhere.
  • SameSite cookies: Secure sites by explicitly marking cross-site cookies.
  • Storage Partitioning: Enable all forms of user agent state, such as localStorage or cookies, to be double-keyed: by the top-level site as well as the origin of the resource being loaded, rather than a single origin or site.
  • Fenced Frames: Provide a type of frame element that can be used to display content (such as an advertisement) but can't interact with the page around it.
  • Network State Partitioning: Partition network state to prevent browser network resources being shared across first-party contexts, by ensuring that every request has a network partition key that must match in order for resources to be reused.
  • HTTP Cache Partitioning: Improve security and privacy by partitioning the browser HTTP cache.
  • Federated Credential Management: Support federated identity (where a user can sign into a website through a third-party service) without sharing the user's email address or other identifying information with a third-party service or website, unless the user explicitly agrees to do so. WebID enables federated sign-in without the use of redirects, pop-ups or third-party cookies which can be used to identify and track users across sites.
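
The partitioning that the CHIPS and Storage Partitioning items describe can be modelled as a cookie jar keyed by top-level site as well as cookie host. This is an added example, not code from the page or from Chrome: the class, function and host names are hypothetical, sites are passed in as plain strings, and `Partitioned` is the cookie attribute CHIPS defines, which this page does not name.

```javascript
// Simplified CHIPS cookie-jar model (added example; all names are hypothetical).
// Sites are passed in as strings; a real browser derives them via the Public Suffix List.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // missing cookie name
  const flags = new Set(attrs.map((a) => a.split("=")[0].toLowerCase()));
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1),
           secure: flags.has("secure"), partitioned: flags.has("partitioned") };
}

class CookieJar {
  constructor() { this.store = new Map(); } // partition key -> Map(name -> value)
  // Partitioned cookies are double-keyed by (top-level site, cookie host);
  // unpartitioned ones are keyed by cookie host alone.
  key(host, topLevelSite, partitioned) {
    return partitioned ? `${topLevelSite}|${host}` : `*|${host}`;
  }
  set(header, host, topLevelSite) {
    const c = parseSetCookie(header);
    if (!c || (c.partitioned && !c.secure)) return false; // Partitioned requires Secure
    const k = this.key(host, topLevelSite, c.partitioned);
    if (!this.store.has(k)) this.store.set(k, new Map());
    this.store.get(k).set(c.name, c.value);
    return true;
  }
  // Cookies sent to an embedded (cross-site) host under the given top-level site.
  // thirdPartyCookiesBlocked=false models the legacy, unpartitioned behaviour.
  get(host, topLevelSite, thirdPartyCookiesBlocked = true) {
    const keys = [this.key(host, topLevelSite, true)];
    if (!thirdPartyCookiesBlocked) keys.push(this.key(host, topLevelSite, false));
    const out = {};
    for (const k of keys) for (const [n, v] of this.store.get(k) ?? []) out[n] = v;
    return out;
  }
}

// Constructed scenario: a chat widget on chat.example embedded in two sites.
function demo() {
  const jar = new CookieJar();
  const shop = "https://shop.example", news = "https://news.example";
  jar.set("__Host-sid=A1; Secure; Path=/; SameSite=None; Partitioned", "chat.example", shop);
  jar.set("uid=track42; Secure; SameSite=None", "chat.example", shop);
  return { onShop: jar.get("chat.example", shop), onNews: jar.get("chat.example", news),
           legacyOnNews: jar.get("chat.example", news, false) };
}
console.log(demo());
```

The partitioned session cookie is visible only under the site where it was set, while the unpartitioned `uid` cookie follows the widget to the second site only in the legacy mode.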

Show relevant content and ads

  • Topics API: Enable interest-based advertising. Designed so that it doesn't require third-party cookies and cannot be used by third parties to track user browsing behavior across sites. The Topics API proposes a mechanism to map website hostnames to topics of interest, and provides a JavaScript API that returns coarse-grained topics a user might currently be interested in, based on their recent browsing activity.
  • FLEDGE: Ad selection to serve remarketing and custom audience use cases, designed so that it cannot be used by third parties to track user browsing behavior across sites. FLEDGE is the first experiment to be implemented in Chromium within the TURTLEDOVE family of proposals.

Measure digital ads

  • Core Attribution Reporting: Correlate ad clicks or ad views with conversions. Previously known as the Event Conversion Measurement API. Enables two types of reports: event-level and aggregate.

Prevent covert tracking

  • User-Agent Client Hints: The User-Agent (UA) string is a significant passive fingerprinting surface, as well as being difficult to process. Client Hints enable developers to actively request only the information they need about the user's device or conditions, rather than needing to parse this data from the User-Agent string.
  • DNS-over-HTTPS: A protocol for DNS resolution via the secure context of HTTPS.
  • Gnatcatcher: Limit the ability to identify individual users by accessing their IP address. There are two parts to the proposal: Willful IP Blindness provides a way for websites to let browsers know they are not connecting IP addresses with users, and Near-path NAT allows groups of users to send their traffic through the same privatizing server, effectively hiding their IP addresses from a site host. Gnatcatcher also ensures that sites requiring access to IP addresses for legitimate purposes such as abuse prevention can do so, subject to certification and auditing.
  • Privacy Budget: Explore methods of quantifying the amount of information about a user's browser or device that is available to websites, and develop practical mechanisms to enable browser-based limits on the information a site can access.

Fight spam and fraud on the web

  • Private State Tokens: Enable a website to convey a limited amount of information from one browsing context to another (for example, across sites) to help combat fraud, without passive tracking.

Who is working on the Privacy Sandbox?

By early 2021 there were:

When will the APIs be implemented?

The implementation status page on this site provides progress updates for individual APIs.

Engage and share feedback

Find out more

Privacy Sandbox proposal explainers

The API proposal explainers need feedback, in particular to suggest missing use cases and more-private ways to accomplish their goals. You can make comments or ask questions in the Issues tab for each explainer.

Articles and videos for web developers

Principles and concepts behind the proposals
