'SameSite' cookie attribute

Same-site cookies ("First-Party-Only" or "First-Party") allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.

Chrome

  1. 4 - 50: Not supported
  2. 51 - 79: Supported
  3. 80 - 130: Supported
  4. 131: Supported
  5. 132 - 134: Supported

Edge

  1. 12 - 15: Not supported
  2. 16 - 17: Supported
  3. 18 - 85: Supported
  4. 86 - 130: Supported
  5. 131: Supported

Safari

  1. 3.1 - 11.1: Not supported
  2. 12 - 13.1: Partial support
  3. 14 - 14.1: Partial support
  4. 15 - 18.0: Supported
  5. 18.1: Supported
  6. 18.2 - TP: Supported

Firefox

  1. 2 - 59: Not supported
  2. 60 - 131: Supported
  3. 132: Supported
  4. 133 - 135: Supported

Opera

  1. 9 - 38: Not supported
  2. 39 - 70: Supported
  3. 71 - 113: Supported
  4. 114: Supported

IE

  1. 5.5 - 10: Not supported
  2. 11: Partial support

Chrome for Android

  1. 131: Supported

Safari on iOS

  1. 3.2 - 11.4: Not supported
  2. 12 - 12.5: Partial support
  3. 13 - 18.0: Supported
  4. 18.1: Supported
  5. 18.2: Supported

Samsung Internet

  1. 4: Not supported
  2. 5 - 25: Supported
  3. 26: Supported

Opera Mini

  1. all: Not supported

Opera Mobile

  1. 10 - 12.1: Not supported
  2. 80: Supported

UC Browser for Android

  1. 15.5: Not supported

Android Browser

  1. 2.1 - 4.4.4: Not supported
  2. 131: Supported

Firefox for Android

  1. 132: Supported

QQ Browser

  1. 14.9: Support unknown

Baidu Browser

  1. 13.52: Supported

KaiOS Browser

  1. 2.5: Not supported
  2. 3: Supported

This feature is backwards compatible. Browsers not supporting this feature will simply use the cookie as a regular cookie. There is no need to deliver different cookies to clients.

Resources:
MS Edge dev blog: "Previewing support for same-site cookies in Microsoft Edge"
Mozilla Bug #1286861, includes the patches that landed SameSite support in Firefox
Mozilla Bug #1551798: Prototype SameSite=Lax by default
Mozilla Bug #795346: Add SameSite support for cookies
Microsoft Edge Browser Status
Same-site cookies demonstration by Rowan Merewood
Preventing CSRF with the same-site cookie attribute