Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time
April 21, 2020 15:52

Client-Side Storage Partitioning

A Work Item of the Privacy Community Group.



User agent state that is keyed by a single origin or site is an acknowledged privacy and security bug. Through side-channels or more directly, this allows:

  1. A top-level site https://site-a.example A to infer that a user is also visiting top-level site https://site-b.example B, by embedding resources or documents from B in A. Beyond visiting, it can also allow A to infer specific state from B that depends on the user, thereby revealing many aspects of the user. Timing Attacks on Web Privacy, XS-Leaks, and COSI discuss this in more detail.
  2. Conversely, it allows a site https://tracker.example whose resources might be embedded on many different sites, to track the end user across these sites.

To solve a key aspect of this, any such user agent state needs to be keyed by more than a single origin or site.

There are many standards that together make up a user agent and many of these standards define “problematic” state. This repository’s issue tracker is where we're coordinating the effort to address these issues in a holistic manner. The actual changes will happen in each impacted standard and are collated here for visibility.

Additional keying

whatwg/html #4966 defined the top-level origin concept for an environment and HTML also defines site and obtain a site. Together these allow for a definition of top-level site, which most user agents are targeting as additional key. When this additional key is cross-site from the “normal” key, the relevant state can be considered to be partitioned.

For some user agent state it might be beneficial to add even more keys, e.g., to prevent attacks between framed documents. shivanigithub/http-cache-partitioning #2 has some relevant discussion.

Relaxing additional keying

For some user agent state (Cookies and Storage below in particular are under discussion) the additional keying might be relaxable. This is tracked by The Storage Access API though also necessarily has to inform the work noted below as it might impact architecture decisions.


Aside from using additional keying, outright blocking of the user agent state is also considered at times, e.g., for cross-site cookies or as happens today for storage in opaque origins. This is not likely to be web compatible nor even desirable for all user agent state, but could well be a valid solution for some.

User agent state

This section contains a likely inexhaustive enumeration of user agent state and ongoing standards activity. If there is state or standards activity missing please file an issue or provide a pull request.


The tentative overall plan is to block cross-site cookies and add support for partitioned cookies via opt-in. The details are still under discussion though it seems likely to be eventually standardized across the IETF and WHATWG. Relevant discussions:

Remaining user agent state

  • Network state:
    • HTTP cache (standardized in Fetch)
    • HTTP connections (standardized in Fetch)
      • Also consider speculative connections (unclear where these are created in standards, but if done through Fetch it would be correct)
    • WebSocket connections (whatwg/fetch #1243)
    • WebRTC connections (w3c/webrtc-pc #2613)
    • WebTransport connections (w3c/webtransport #128)
    • DNS
    • HTTP authentication
    • Alt-Svc
    • Fonts
    • HSTS
    • TLS client certificates
    • TLS session identifiers
    • HPKP
    • OCSP
    • Intermediate CA cache
    • Prefetch
    • Preconnect
    • CORS-preflight cache (standardized in Fetch)
  • Storage (whatwg/storage #88, whatwg/storage #90):
    • Indexed DB
    • Cache API
    • localStorage
    • sessionStorage
    • BroadcastChannel (whatwg/html #5803)
    • Shared workers
    • Service workers
    • Web Locks
  • Web Authentication
  • WebRTC’s deviceId (w3c/mediacapture-main #675)
  • Blob URL store (w3c/FileAPI #153)
  • HTML Standard’s list of available images
  • (standardized in HTML)
  • Browsing context group's agent cluster map (only observable with popups)
  • Permissions (Permissions Policy largely allows these to be disabled by default when the top-level site is not equal to the current site and require explicit delegation in such cases)
  • WebGL and WebGPU's cache of compiled shaders and pipelines (standardized by highlighting the risk in the security/privacy consideration section as the caches are only observable through timing)
  • Non-standardized features:
    • Credentials (username and password storage)
    • Form autofill data storage
    • Per-site user preferences
    • Favicon cache
    • Page info media previews
    • Save Page As


The author of this document gave a short presentation in early 2022 about the state of this effort: State of state partitioning.


The author of this document was inspired by Chromium’s Network Isolation Key, Firefox and Tor Browser’s First-Party Isolation, Safari’s Intelligent Tracking Prevention, XS-Leaks, and the many people wanting to improve these aspects of the web.


Client-Side Storage Partitioning


Code of conduct

Security policy





No releases published


No packages published