The CHIPS API works to protect user privacy while enabling third-party functionality.
|
Someone visits a site with a feature that is enabled by a third-party service, like a weather widget. |
The CHIPS API allows the third-party widget to set and read its own cookies, but only when it’s embedded on this particular first-party site, so it can remember user details, like the location they’ve entered. |
The person’s information is kept compartmentalized and separate from any other sites, ensuring that the cookies cannot be used for cross-site sharing. |
Here's a more detailed overview:
- Someone visits a site, prompting cookie creation and storage. When the user visits a website, an embedded third-party service sets a cookie on their device. This cookie stores information about the person and their interactions with the site—like shopping cart items or language preferences—to improve their experience.
- CHIPS isolates and restricts access to the cookie. The cookie is isolated within a secure, site-specific container, like an individual cookie jar with the lid firmly sealed. This cookie jar can only be opened by the third-party provider on the same top-level site where the cookie was created, and only that third-party can read, modify, or delete the cookie.
The cookie is kept entirely separate from data used by other third-party features, like embedded content, and prevents the third-party who set the cookie from reading it on other sites the user may visit.
- Privacy is protected while maintaining relevant web experiences. This isolation prevents unintended sharing and tracking across different websites, safeguarding people’s information while preserving relevant experiences on individual sites.
Learn more about how CHIPS works in the developer documentation.