Client-Side Storage Partitioning

A Work Item of the Privacy Community Group.



User agent state that is keyed by a single origin or site is an acknowledged privacy and security bug. Through side-channels or more directly, this allows:

  1. A top-level site https://site-a.example A to infer that a user is also visiting top-level site https://site-b.example B, by embedding resources or documents from B in A. Beyond visiting, it can also allow A to infer specific state from B that depends on the user, thereby revealing many aspects of the user. Timing Attacks on Web Privacy, XS-Leaks, and COSI discuss this in more detail.
  2. Conversely, it allows a site https://tracker.example whose resources might be embedded on many different sites, to track the end user across these sites.

To solve a key aspect of this, any such user agent state needs to be keyed by more than a single origin or site.

There are many standards that together make up a user agent and many of these standards define “problematic” state. This repository’s issue tracker is where we’re coordinating the effort to address these issues in a holistic manner. The actual changes will happen in each impacted standard and are collated here for visibility.

Additional keying

whatwg/html #4966 defined the top-level origin concept for an environment and HTML also defines site and obtain a site. Together these allow for a definition of top-level site, which most user agents are targeting as additional key. When this additional key is cross-site from the “normal” key, the relevant state can be considered to be partitioned.

For some user agent state it might be beneficial to add even more keys, e.g., to prevent attacks between framed documents. shivanigithub/http-cache-partitioning #2 has some relevant discussion.

Relaxing additional keying

For some user agent state (Cookies and Storage below in particular are under discussion) the additional keying might be relaxable. This is tracked by The Storage Access API though also necessarily has to inform the work noted below as it might impact architecture decisions.


Aside from using additional keying, outright blocking of the user agent state is also considered at times, e.g., for cross-site cookies or as happens today for storage in opaque origins. This is not likely to be web compatible nor even desirable for all user agent state, but could well be a valid solution for some.

User agent state

This section contains a likely inexhaustive enumeration of user agent state and ongoing standards activity. If there is state or standards activity missing please file an issue or provide a pull request.


The tentative overall plan is to block cross-site cookies and add support for partitioned cookies via opt-in. The details are still under discussion though it seems likely to be eventually standardized across the IETF and WHATWG. Relevant discussions:

Remaining user agent state


The author of this document gave a short presentation in early 2022 about the state of this effort: State of state partitioning.


The author of this document was inspired by Chromium’s Network Isolation Key, Firefox and Tor Browser’s First-Party Isolation, Safari’s Intelligent Tracking Prevention, XS-Leaks, and the many people wanting to improve these aspects of the web.