Why does logging in via Google fail on some sites?

If the login uses an iframe-based flow, third-party cookie blocking prevents the auth cookie from being set. The site should update to use redirect-based OAuth flows which work without third-party cookies.

What is the Storage Access API?

A browser API that allows embedded content to request access to its first-party cookies when used in a third-party context. The user sees a prompt and must grant permission.

Third-Party Cookie Blocking — Cross-Site Tracking Prevention and Breakage

Warningsecurity

Overview

Understand and fix third-party cookie blocking issues in modern browsers, including site breakage from tracking prevention, SSO failures, and embedded content issues.

Key Details

Third-party cookies are set by domains other than the site you are visiting (used for tracking and ads)
Chrome is phasing out third-party cookies (Privacy Sandbox); Safari and Firefox already block them
Safari ITP (Intelligent Tracking Prevention) aggressively blocks and limits cookie lifetimes
Third-party cookie blocking can break: SSO login, embedded content (maps, videos), payment processors
SameSite=None; Secure attribute is required for cookies that need cross-site access

Common Causes

Browser's tracking prevention blocking legitimate cross-site cookies
Embedded iframe content from a different domain unable to set or read cookies
SSO (Single Sign-On) provider's authentication cookie blocked as third-party
Payment gateway's session cookie blocked, preventing transaction completion
Analytics cookies blocked, causing session tracking to fail

Steps

1Test with third-party cookies enabled: Chrome Settings > Privacy > Cookies > Allow all cookies (temporarily)
2For developers: set SameSite=None; Secure on cookies that need cross-site access
3Use Storage Access API: document.requestStorageAccess() for embedded content needing cookie access
4For SSO: implement redirect-based authentication flows instead of iframe-based
5Safari: users can allow cross-site tracking in Settings > Safari > Privacy > uncheck 'Prevent cross-site tracking'
6Migrate to alternatives: First-party cookies, localStorage, server-side sessions, or Privacy Sandbox APIs

More in Security

windows-defender-errorsWindows Defender Errors — Antivirus Not Working or Updating

Error

windows-error-0x80073b01-defender-serviceWindows Error 0x80073B01 — Windows Defender Service Failed to Start

Error

windows-bitlocker-recovery-key-errorsBitLocker Recovery Key Errors — Drive Locked and Recovery Key Not Found

Critical

mac-gatekeeper-app-blockedMac Gatekeeper — App Cannot Be Opened (Unidentified Developer)

Warning

mac-filevault-recovery-errorsMac FileVault Errors — Encryption, Decryption & Recovery Key Issues

Error

mac-keychain-errors-passwordsMac Keychain Errors — Password Prompts, Locked Keychain, and Repair Guide

Warning

Frequently Asked Questions

Chrome planned to phase out third-party cookies but has extended the timeline multiple times. As of 2025, Chrome is implementing Privacy Sandbox APIs as alternatives. Check Chrome's privacy sandbox documentation for the latest timeline.

Third-Party Cookie Blocking — Cross-Site Tracking Prevention and Breakage

Overview

Key Details

Common Causes

Steps

Tags

Related Items

More in Security

Frequently Asked Questions