Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term SameSite Cookie

Training Camp • Cybersecurity Glossary

What is SameSite Cookie?

The SameSite cookie attribute controls cross-site cookie sending with Strict, Lax, and None values to help defend against CSRF attacks.

Glossary > Application & API Security > SameSite Cookie

Understanding SameSite Cookie

The SameSite cookie attribute instructs browsers when to include a cookie on cross-site requests, providing a defense against cross-site request forgery and some cross-site leak attacks. Its values are Strict (never sent cross-site), Lax (sent on top-level safe navigations, the modern browser default), and None (sent on all cross-site requests but only when paired with the Secure flag). It is defined in the IETF cookie standard RFC 6265bis.

Learn More About SameSite Cookie:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →