Our framework analyses which mechanisms can be leveraged to initiate cross-site requests and which cookies are included in this requests.
This generates a lot of data, of which we want to show you everything.
However, to preserve a clear overview, we use illustrations for the different requests that are initiated.
On this page, we provide a detailed explanation of these illustrations.
We use five different cookie configurations to evaluate browser instances.
Each of these configurations is based on values assigned to the cookie attributes.
For each configuration, we show the Set-Cookie header that was used to create the cookie and explain the traits of the cookie in the table below.
Each cookie was given an insignificant timestamp.
|Set-Cookie: generic=1; Expires=Wed, 30 May 2019 07:28:00 GMT
|This is a cookie with default values for all attributes that are not specified in the Set-Cookie header.
|Set-cookie: httpOnly=1; Expires=Wed, 30 May 2019 07:28:00 GMT; HttpOnly
|For this cookie, the HttpOnly flag has been set. As a result this cookie cannot be accessed through a client-side script.
|Set-cookie: secure=1; Expires=Wed, 30 May 2019 07:28:00 GMT; Secure
|For this cookie, the Secure flag has been set. As a result this cookie can only be sent over encrypted connections.
|Set-Cookie: lax=1; Expires=Wed, 30 May 2019 07:28:00 GMT; SameSite=lax
|This is a same-site cookie for which the SameSite attribute has been set to lax. Supporting browsers can only include this cookie in cross-site requests if this requests is top-leven and a GET request, or if it was initiated through prerender functionality.
|Set-Cookie: strict=1; Expires=Wed, 30 May 2019 07:28:00 GMT; SameSite=strict
|This is a same-site cookie for which the SameSite attribute has been set to strict. Supporting browsers can never include this cookie in cross-site requests.
Depiction of initiated requests and included cookies
The datatables for each experiment use images to depict whether a cross-site request has been and which cookies are included.
Here, we explain what those images mean.
|A request has been sent including the indicated cookies.
|Only a request has been set, no cookies included.