Archived: How We’re Protecting Your Online Privacy - The Privacy Sandbox

This is a simplified archive of the page at

Use this page embed on your own site:

Privacy Sandbox is developing privacy-preserving technologies to protect your online privacy so you can browse the web without invasive tracking.


Privacy Sandbox for the Web

Privacy Sandbox for the Web will phase out third-party cookies A "cookie" is a small piece of data stored in the browser when a user visits a website. Third-party cookies are stored by a service that operates across multiple sites. For example, an ad platform might store a cookie when you visit a news site. First-party cookies are stored by a website itself. by using the latest privacy techniques, like differential privacy, A system for sharing information about a dataset to reveal patterns of behavior, without revealing private information about individuals or whether they belong to the dataset. k-anonymity, A measure of anonymity within a dataset. If you have k=1000 anonymity, you can’t be distinguished from 999 other individuals in the dataset. and on-device processing. Computation is performed "locally" on a device (e.g., your phone or computer) without communicating with external servers.

Privacy Sandbox also helps to limit other forms of tracking, like fingerprinting, Information collected about a person’s software and hardware for the purpose of identification. by restricting the amount of information sites can access so that your information stays private, safe, and secure.

A globe that represents the open web surrounded by internet services icons.

The Privacy Sandbox Timeline for the web

The Privacy Sandbox proposals are being developed in public forums, in collaboration with members of the industry. The proposals are in various stages of the development process. This timeline reflects when we expect new privacy-preserving APIs and other technologies to be ready in support of key use cases, so that Chrome can responsibly phase out third-party cookies. Information may change and will be updated monthly. More details about public Privacy Sandbox feedback channels can be found here. Stakeholders can also use this form to share feedback directly with Chrome. Last Update: March 2022.

Graph showing the timeline of the different privacy sandbox initiatives.

Phases of the privacy sandbox initiatives

Fight spam and fraud on the web

Fight spam and fraud on the web proposals phases: Testing period: Q1 2021 through the end of Q3 2022; Transition period, stage 1: Q4 2022 through the end of Q2 2023; Transition period, stage 2: Q3 2023.

Show relevant content and ads

Show relevant content and ads proposals phases: Discussion period: Q1 2021 through the end of Q4 2021; Testing period: Q1 2022 through the end of Q3 2022; Transition period, stage 1: Q4 2022 through the end of Q2 2023; Transition period, stage 2: Q3 2023


OT STARTED: The FLoC API origin trial for the initial version of FLoC ran from Chrome 89 to Chrome 91.

OT CLOSED: The origin trial for the initial version of FLoC ran from Chrome 89-91. The development of FLoC has stopped. The “Show Relevant Content and Ads” use case will now be addressed by Topics.


FEATURE FLAG: The feature flag is available from Chrome 91.

Read more

OT ANNOUNCED: The origin trial for FLEDGE API was announced in Q1 2022.

Read more

Measure digital ads

Measure digital ads proposals phases: Discussion period: Q1 2021 through the end of Q4 2021; Testing period: Q1 2022 through the end of Q3 2022; Transition period, stage 1: Q4 2022 through the end of Q2 2023; Transition period, stage 2: Q3 2023

Attribution Reporting API

OT STARTED: The Core Attribution API origin trial has been open since Q4 of 2020.

OT CLOSED: The first origin trial for the Attribution Reporting API ended on January 25, 2022.

Read more

OT ANNOUNCED: The second origin trial for Attribution Reporting, which includes support for aggregate measurement and view-through conversions was announced in Q1 2022.

Read more

Strengthen Cross-site Privacy Boundaries

Strengthen Cross-site Privacy Boundaries proposals phases: Discussion period: Q1 2021 through the end of Q1 2022; Testing period: Q2 2022 through the end of Q3 2022; Transition period, stage 1: Q4 2022 through the end of Q2 2023; Transition period, stage 2: Q3 2023.

First-Party Sets API

FEATURE FLAG: The feature flag for First-Party Sets is available from Chrome 89.

Read more

OT STARTED: The First-Party Sets API origin trial has been open since Q1 of 2021.

OT CLOSED: The First-Party Sets origin trial for FPS ran from Chrome 89-93.

The start for the Shared Storage API origin trial has yet to be determined.

Shared Storage API

The start for the Fenced Frames API origin trial has yet to be determined.

Fenced Frames API

The Privacy Sandbox initiative also includes efforts designed to limit covert tracking. These include proposals that address specific covert tracking techniques such as fingerprinting and network-level tracking.

The Privacy Sandbox Proposals for the Web

Trust Tokens

Trust Tokens will help websites distinguish real people from bots or malicious attackers. Based on your behavior on a site, like regularly signing into an account, a site can choose to issue a trust token to your browser. The token can then be checked by other sites that want to verify that you’re a human, and not a bot. Trust tokens are encrypted, so it isn't possible to identify an individual or connect trusted and untrusted instances to discover your identity.

Read more

Topics API

Topics are recognizable categories that the browser infers based on the pages you visit. With Topics, the specific sites you’ve visited are no longer shared across the web, like they might have been with third-party cookies. In Chrome, you will be able to see the topics and remove any you don’t like, or disable them completely in Settings.

Read more

FLoC was a proposal in the Privacy Sandbox designed to cluster people with similar browsing patterns into large groups, or "cohorts". This "safety in numbers" approach was designed to effectively blend any individuals into a crowd of people with similar interests. The development of FLoC stopped in 2021.

Read more

FLEDGE is a new way to address remarketing, ie. reminding you of sites and products you’ve been interested in, without relying on third-party cookies. As you move across the web, the sites of advertisers you’ve visited can inform your browser that they would like a chance to show you ads in the future. They can also directly share information with your browser including the specific ads they'd like to show you and how much they'd be willing to pay to show you an ad. Then, when you visit a website with ad space, an algorithm in your browser helps inform what ad might appear.

Read more

Attribution Reporting API

Marketers currently rely on third-party cookies to gather data about a person’s browsing activity and how they respond to ads. To allow advertisers to place relevant ads and study their effectiveness in a privacy preserving way, the Privacy Sandbox will replace third-party cookies with new measurement and reporting tools that will prevent people from being identified across different websites. This includes several connected proposals.

Read more

First Party Sets

Current attempts to restrict cross-site tracking don't address a common scenario: one organization may have related sites with different domain names, and may need to load resources like videos or perform other activities across those domains.

This Privacy Sandbox proposal allows domains that belong to the same entity to declare themselves as a "first-party set". Outside of the first-party set, the exchange of information is restricted to protect people’s privacy.

Read more
Shared Storage API

To prevent cross-site tracking, browsers are starting to separate all forms of storage, e.g. caches, localStorage etc. However, there are many legitimate cases where shared storage is needed, and this proposal aims to address them. It will provide "shared storage" that isn’t partitioned, but ensures the data in it can only be read in a secure environment.

Read more

Sometimes, embedded services such as chat widgets or embedded maps need to know about your activity on the given site to work properly. Privacy Sandbox introduces partitioned cookies a.k.a. CHIPS (Cookies Having Independent Partitioned State) that will indicate to browsers that the necessary cookie is allowed to work "across sites" only between the site in question (or sites within the same First-Party Set) and an embedded widget.

Read more
Storage Partitioning

Storage Partitioning will isolate some web platform APIs used for storage or communication if used by an embedded service on the site, ie. in the third-party context. This effort will help make the web more private and secure while largely maintaining web compatibility with existing sites.

Read more
Fenced Frames API

Fenced frames are a type of embedded frame, like an iframe, that can’t communicate with the host page. This makes it safe for the fenced frame to have access to its unpartitioned storage since it will not be able to join its identifier with the top site.

Read more
Network State Partitioning

A browser’s network resources, such as connections, DNS cache, and alternative service data are generally shared globally. Network State Partitioning will partition much of this state to prevent these resources from being shared across first-party contexts. To do this, each request will have an additional "network partition key" that must match in order for resources to be reused.

This extra key will protect user privacy by making it so that sites will not be able to access shared resources and metadata learned from loading other sites.

Read more
Federated Credential Management

Federated Credential Management aims to bridge the gap for the federated identity designs which relied on third-party cookies. The API provides the primitives needed to support federated identity when/where it depends on third-party cookies, from sign-in to sign-out and revocation.

Read more

Same-Site Cookies

Chrome (and other browsers) require developers to use a SameSite cookie "label" to clearly specify if a cookie is used in a first-party or third-party context. This means that browser controls can be more precise, e.g. enabling control over third-party cookies only. There is also a significant security benefit by protecting cookies from cross-site injection and data disclosure attacks.

Read more
User-Agent Client Hints

The User-Agent string specifies details about the browser and device you use so that sites you visit render and function well. However, it is also a significant surface for so-called passive fingerprinting. Client Hints API enables sites to request the information they need directly and will eventually reduce details contained in the User-Agent string, limiting the information shared about you online.

Read more
User-Agent Reduction

User-Agent (UA) reduction is the effort to minimize the identifying information shared in the User-Agent string which may be used for passive fingerprinting.

Read more
HTTP Cache Partitioning

With cache partitioning, cached resources will be keyed using a new "Network Isolation Key" in addition to the resource URL. The Network Isolation Key is composed of the top-level site and the current-frame site. This adds an additional layer of security.

Read more

DNS-over-HTTPS is a protocol that encrypts Domain Name System (DNS) queries and responses by encoding them within HTTPS messages. This helps prevent attackers from observing what sites you visit or sending you to phishing websites.

Read more

Gnatcatcher is Privacy Sandbox's proposal to hide your IP address. At a baseline, it will ensure your IP addresses will be hidden, but sites can do the extra work to attest that they aren’t misusing IP addresses if they would like to have direct connections.

Read more
Privacy Budget

Privacy Budget is a proposal that combines multiple factors to help limit fingerprinting. It’s being designed to work by restricting the amount of identifying information that a site is allowed to access in order to help prevent the user from being uniquely identifiable.

Read more

Frequently Asked Questions

The timeline will be updated monthly.

Not necessarily. Chrome is focused on developing proposals that support key use cases. The set of proposals solving for a particular use case (for example, showing relevant content and ads) may change and evolve over time, with web community feedback and testing. The APIs shown on the timeline are based on current expectations and might change.

It’s difficult to forecast how long the open, public process for developing a new web technology might take, as the new APIs may receive a lot of feedback or require multiple testing cycles. These extended discussions and testing stages often produce better, more complete solutions, and the timeline for testing and ready for adoption of use cases might change accordingly.

The timeline is specific to key use cases related to Chrome’s plan to phase out third-party cookies. The technologies solving for the second goal of the Privacy Sandbox initiative -- prevent covert tracking -- will follow separate timelines, as noted above.

Origin trials are one method of testing new web technologies in Chrome. "OT" labels are shown when a Chrome origin trial has been publicly announced, is in progress, or has concluded. We will add new origin trials, and other forms of available testing, on the timeline as part of the monthly updates.

Chrome’s origin trial registration page provides information for origin trials that are live or starting soon. Click the "Register" button for an active origin trial to see planned start and end dates. Note, it’s common to extend origin trials when further testing is needed. It is also common for technologies to go through multiple origin trials as they are refined.

The "ready for adoption" milestone reflects when Chrome expects each use case to be supported globally. It is common for testing to begin with a limited population and gradually expand. We are committed to making all of the Privacy Sandbox technologies available for testing worldwide before they launch. For the "testing" stage, certain APIs may be available in limited ways, for example in selected countries.

This timeline reflects the use cases Chrome expects to support before phasing out third-party cookies. Many of the proposed technologies shown on the timeline incorporate concepts and feedback from industry and ecosystem stakeholders. We'll continue to engage publicly and review other proposals as we consider the best way to address critical use cases that support the open web ecosystem.

While features are in development they are often made available behind one or more temporary flags (off by default) that can be used to enable and configure their behavior for local developer testing purposes. This may be as command line flags that need to be passed in when launching Chrome or as options in the chrome://flags browser interface.

  • This timeline reflects Chrome’s best estimates, as of March 2022, of the timing of the key Privacy Sandbox use cases, including the availability of origin trials, readiness at scale of the listed APIs, and ending support for third-party cookies. Dates are subject to change. Chrome will update this timeline monthly with current estimates.
  • The timeline lists the use cases that Chrome plans to support before the transition period: Fighting spam and fraud on the web; Measuring digital ads; Showing relevant content and ads; Strengthening cross-site privacy boundaries. The APIs listed under each use case reflect Chrome’s current proposals to support this use case. The specific APIs are subject to change.
  • Stage 1 of the transition period is expected to last nine months. In Stage 2, we will lower third-party cookies’ Time To Live (TTL) based on a timeline we plan to announce during Stage 1. Stage 2 is expected to last approximately three months.
  • The transition period will start once APIs for all of the use cases are ready for scaled adoption. Chrome will announce the start of the transition period on this site and on the Keyword blog.