Get your business ready
Read case studies from companies helping to shape the future of online privacy, or learn more about the Privacy Sandbox technologies in our developer documentation.
Privacy Sandbox for the Web
Privacy Sandbox for the Web aims to reduce cross-site tracking while helping to
keep online content and services free for all.
Privacy Sandbox also
helps to limit other forms of tracking, like
fingerprinting,
Fingerprinting
Information collected about a person’s software and hardware for the
purpose of identification.
by restricting the amount of information sites can access so that your
information stays private, safe, and secure.
The Privacy Sandbox Timeline for the Web
The Privacy Sandbox proposals are in various stages of the development process. This timeline reflects when we expect new privacy-preserving APIs and other technologies to be ready in support of key use cases, so that Chrome can responsibly phase out third-party cookies. Information may change and will be updated monthly.
The proposals are being developed in public forums, in collaboration with members of the industry. We also continue to work with the UK's Competition and Markets Authority in line with the commitments we offered for Privacy Sandbox for the web. We encourage participation through the many public feedback channels that inform development of the proposals. Stakeholders can also use this form to share feedback directly with Chrome.
Last Update: November 2024
Third-Party Cookies (3PC) and Testing
-
Opt-in Testing with Labels Chrome will provide developers an experiment label for independent testing and simulation of third-party cookie deprecation.
-
1% 3PC Deprecation Chrome will deprecate third-party cookies for 1% of Chrome users globally.
-
Third-Party Cookie Phase Out * We envision proceeding with third-party cookie deprecation starting early 2025, subject to resolving any remaining concerns with the CMA.
- 2021
- 2022
- 2023
- 2024
Third-party cookies phases: Opt-in testing with labels: Q4 2023 through Q3
2024; 1% Third-party cookies deprecation: Q1 2024 through Q4 2024;
Third-party cookies phase out: Q1 2025
Timeline update pending
Please read our July 2024 announcement for an important update regarding third-party cookies in Chrome.
Timeline update pending
Please read our July 2024 announcement for an important update regarding third-party cookies in Chrome.
* Subject to resolving any remaining concerns with the CMA.
Privacy Sandbox APIs
-
Discussion The technologies and their prototypes are discussed in forums such as GitHub or W3C groups. Some limited testing of solutions might happen at this stage to facilitate discussions.
-
Pre-Launch Testing The technologies for the use case are available for testing via Chrome origin trials or other pre-launch methods. Changes may be made based on testing results and ecosystem feedback.
-
General Availability The technologies for the use case are launched and available for 100% of Chrome traffic. Chrome expects refinements and optimizations as more companies test and use the APIs over time.
- 2021
- 2022
- 2023
- 2024
Fight spam and fraud on the web
Fight spam and fraud on the web proposals phases: Testing period: Q1 2021
through the end of Q3 2022; Transition period, stage 1: Q4 2022 through the
end of Q2 2023; Transition period, stage 2: Q3 2023.
- OT STARTED Private State Tokens API: The origin trial has been open since Q3 of 2020. Register Now
- OT CLOSED Private State Tokens API: The origin trial for Private State Tokens API ran from Chrome 84 - 101.
Show Relevant Content and Ads
Show relevant content and ads proposals phases: Discussion period: Q1 2021
through the end of Q4 2021; Testing period: Q1 2022 through the end of Q3
2022; Transition period, stage 1: Q4 2022 through the end of Q2 2023;
Transition period, stage 2: Q3 2023
- OT STARTED Topics API: The origin trial for Topics API was announced in Q1 2022 and started in April 2022. Register Now
- OT CLOSED Topics API: The origin trial for Topics API ran from Chrome 101 to 115.
- FEATURE FLAG Protected Audience API: The feature flag is available from Chrome 91. Read More
- OT STARTED Protected Audience API: The origin trial for Protected Audience API was announced in Q1 2022 and started in April 2022. Register Now
- OT CLOSED Protected Audience API: The origin trial for Protected Audience API ran from Chrome 101 to 115.
Measure digital ads
Measure digital ads proposals phases: Discussion period: Q1 2021 through the
end of Q4 2021; Testing period: Q1 2022 through the end of Q3 2022;
Transition period, stage 1: Q4 2022 through the end of Q2 2023; Transition
period, stage 2: Q3 2023
- OT STARTED
- OT CLOSED Attribution Reporting API: The first origin trial for the Attribution Reporting API ended on January 25, 2022. Read more
- OT STARTED Attribution Reporting API: The second origin trial for Attribution Reporting API, which includes support for aggregate measurement and view-through conversions, was announced in Q1 2022 and started in April 2022. Register Now
- OT CLOSED Protected Audience API: The origin trial for Protected Audience API ran from Chrome 101 to 115.
Strengthen Cross-site Privacy Boundaries
Strengthen Cross-site Privacy Boundaries proposals phases: Discussion
period: Q1 2021 through the end of Q1 2022; Testing period: Q2 2022 through
the end of Q3 2022; Transition period, stage 1: Q4 2022 through the end of
Q2 2023; Transition period, stage 2: Q3 2023.
- FEATURE FLAG Related Website Sets API: The feature flag is available from Chrome 89. Read More
- OT STARTED
- OT CLOSED Related Website Sets API: The origin trial for FPS ran from Chrome 89-93.
- FEATURE FLAG Related Website Sets API: The feature flag is available from Chrome 108. Read More
- OT STARTED Shared Storage API: The Origin Trial has been open since Q2 of 2022. Register Now
- OT CLOSED Shared Storage API: The origin trial for Shared Storage API ran from Chrome 101 to 115.
- OT STARTED CHIPS API: The origin trial has been open since Q1 of 2022. Register Now
- OT CLOSED The origin trial for CHIPS ended in Chrome 106. CHIPS will start rolling out to Chrome stable in February 2023.
- OT STARTED Fenced Frames API: The Origin Trial has been open since Q2 of 2022. Register Now
- OT CLOSED Fenced Frames API: The origin trial for Fenced Frames API ran from Chrome 101 to 115.
- OT STARTED Federated Credential Management API: The Origin Trial has been open since Q2 of 2022. Register Now
- OT CLOSED Federated Credential Management API: The origin trial for Fed CM ran from Chrome 101-107. Federated Credential Management API is now shipping to 100%. Read More
The Privacy Sandbox initiative also includes efforts designed to limit covert tracking. These include proposals that address specific covert tracking techniques such as fingerprinting and network-level tracking.
The Privacy Sandbox Proposals for the Web
Private State Tokens
Private state tokens will help websites distinguish real people from bots or malicious attackers. Based on your behavior on a site, like regularly signing into an account, a site can choose to issue a private state token to your browser. The token can then be checked by other sites that want to verify that you’re a human, and not a bot. Private state tokens are encrypted, so it isn't possible to identify an individual or connect trusted and untrusted instances to discover your identity.
Topics API
Topics are recognizable categories that the browser infers based on the pages you visit. With Topics, the specific sites you’ve visited are no longer shared across the web, like they might have been with third-party cookies. In Chrome, you will be able to see the topics and remove any you don’t like, or disable them completely in Settings.
FLoC API
FLoC was a proposal in the Privacy Sandbox designed to cluster people with similar browsing patterns into large groups, or "cohorts". This "safety in numbers" approach was designed to effectively blend any individuals into a crowd of people with similar interests. The development of FLoC stopped in 2021.
Protected Audience API
Protected Audience API is a new way to address remarketing, ie. reminding you of sites and products you’ve been interested in, without relying on third-party cookies. As you move across the web, the sites of advertisers you’ve visited can inform your browser that they would like a chance to show you ads in the future. They can also directly share information with your browser including the specific ads they'd like to show you and how much they'd be willing to pay to show you an ad. Then, when you visit a website with ad space, an algorithm in your browser helps inform what ad might appear.
Attribution Reporting API
Marketers currently rely on third-party cookies to gather data about a person’s browsing activity and how they respond to ads. To allow advertisers to place relevant ads and study their effectiveness in a privacy preserving way, the Privacy Sandbox will replace third-party cookies with new measurement and reporting tools that will prevent people from being identified across different websites. This includes several connected proposals.
Related Website Sets
Current attempts to restrict cross-site tracking don't address a common scenario: one organization may have related sites with different domain names, and may need to load resources like videos or perform other activities across those domains.
This Privacy Sandbox proposal allows domains that belong to the same entity to declare themselves as a "Related Website Set". Outside of the Related Website Set, the exchange of information is restricted to protect people’s privacy.
Shared Storage API
To prevent cross-site tracking, browsers are starting to separate all forms of storage, e.g. caches, localStorage etc. However, there are many legitimate cases where shared storage is needed, and this proposal aims to address them. It will provide "shared storage" that isn’t partitioned, but ensures the data in it can only be read in a secure environment.
CHIPS
Sometimes, embedded services such as chat widgets or embedded maps need to know about your activity on the given site to work properly. Privacy Sandbox introduces partitioned cookies a.k.a. CHIPS (Cookies Having Independent Partitioned State) that will indicate to browsers that the necessary cookie is allowed to work "across sites" only between the site in question and an embedded widget.
Fenced Frames API
Fenced frames are a type of embedded frame, like an iframe, that can’t communicate with the host page. This makes it safe for the fenced frame to have access to its unpartitioned storage since it will not be able to join its identifier with the top site.
Federated Credential Management
Federated Credential Management aims to bridge the gap for the federated identity designs which relied on third-party cookies. The API provides the primitives needed to support federated identity when/where it depends on third-party cookies, from sign-in to sign-out and revocation.
User-Agent Client Hints
The User-Agent string specifies details about the browser and device you use so that sites you visit render and function well. However, it is also a significant surface for so-called passive fingerprinting. Client Hints API enables sites to request the information they need directly and will eventually reduce details contained in the User-Agent string, limiting the information shared about you online.
User-Agent Reduction
User-Agent (UA) reduction is the effort to minimize the identifying information shared in the User-Agent string which may be used for passive fingerprinting.
DNS-over-HTTPS
DNS-over-HTTPS is a protocol that encrypts Domain Name System (DNS) queries and responses by encoding them within HTTPS messages. This helps prevent attackers from observing what sites you visit or sending you to phishing websites.
IP Protection
IP Protection is Privacy Sandbox's proposal to hide your IP address. It will hide users' IP addresses from third parties that could be using IP to track users across sites.
Privacy Budget
Privacy Budget was a proposal that restricted the amount of identifying information that a site is allowed to access, in order to help prevent the user from being uniquely identifiable. The Privacy Budget is no longer an active proposal as of January 2024.
Storage Partitioning
Storage Partitioning will isolate some web platform APIs used for storage or communication if used by an embedded service on the site, ie. in the third-party context. This effort will help make the web more private and secure while largely maintaining web compatibility with existing sites.
Network State Partitioning
A browser’s network resources, such as connections, DNS cache, and alternative service data are generally shared globally. Network State Partitioning will partition much of this state to prevent these resources from being shared across first-party contexts. To do this, each request will have an additional "network partition key" that must match in order for resources to be reused.
This extra key will protect user privacy by making it so that sites will not be able to access shared resources and metadata learned from loading other sites.
Bounce Tracking Mitigations
Bounce tracking mitigations reduce or eliminate the ability of bounce tracking to recognize people across contexts, without breaking supported use cases valued by the user that are implemented using stateful redirects.
Frequently Asked Questions
Not necessarily. Chrome is focused on developing proposals that support key use cases. The set of proposals solving for a particular use case (for example, showing relevant content and ads) may change and evolve over time, with web community feedback and testing. The APIs shown on the timeline are based on current expectations and might change.
The timeline is specific to key use cases related to Chrome’s plan to phase out third-party cookies. The technologies solving for the second goal of the Privacy Sandbox initiative — prevent covert tracking — will follow separate timelines, as noted above.
Origin trials are one method of testing new web technologies in Chrome. "OT" labels are shown when a Chrome origin trial has been publicly announced, is in progress, or has concluded. We will add new origin trials, and other forms of available testing, on the timeline as part of the monthly updates.
Chrome's origin trial registration page provides information for origin trials that are live or starting soon. Click the "Register" button for an active origin trial to see planned start and end dates. Note, it’s common to extend origin trials when further testing is needed. It is also common for technologies to go through multiple origin trials as they are refined.
The “General Availability” milestone reflects when Chrome expects each use case to be supported globally. It is common for testing to begin with a limited population and gradually expand. We are committed to making all of the Privacy Sandbox technologies available for testing worldwide before they launch.
This timeline reflects the use cases Chrome expects to support before phasing out third-party cookies. Many of the proposed technologies shown on the timeline incorporate concepts and feedback from industry and ecosystem stakeholders. We'll continue to engage publicly and review other proposals as we consider the best way to address critical use cases that support the open web ecosystem.
While features are in development they are often made available behind one or more temporary flags (off by default) that can be used to enable and configure their behavior for local developer testing purposes. This may be as command line flags that need to be passed in when launching Chrome or as options in the chrome://flags browser interface.
When a feature is initially made available for testing, typically through a feature flag, the focus is generally on functional testing. This means that the stability and shape of a feature could change quickly in this period. As development progresses and features become more stable, the focus shifts to wider scale effectiveness testing, often through Origin Trials, to understand the performance of the feature against its intended use cases at scale. Both the functional and effectiveness testing will be done in compliance with our commitments to the CMA. In particular, the commitments set out Development and Implementation Criteria against which the PS technologies must be evaluated through effectiveness testing. Read more about how we collaborate with stakeholders to discuss, test, and adopt privacy-preserving technologies.
Chrome works with a broad group of stakeholders throughout the web ecosystem – including web browsers, online publishers, ad tech companies, advertisers, developers, and users – to build and test Privacy Sandbox technologies. Additionally, Chrome continues to work with regulators, including the UK's Competition and Markets Authority in line with the commitments offered for Privacy Sandbox for the Web.
Chrome is launching new ad privacy features. We want people to be aware of what's changing and how the changes offer more control over how your data is used in the ads you see. Some users may not be familiar with the term Privacy Sandbox, and “ad privacy” is a straightforward way to describe these controls.
All users will have robust controls, and can opt out of the Privacy Sandbox relevance and measurement technologies at any point. You can learn more about controlling your ad privacy in Chrome here.
The Privacy Sandbox technologies improve user privacy by enabling companies to select and measure ads without identifying or tracking individual users across sites and without relying on third-party cookies. Chrome made these technologies available in 2023 so that companies have time to integrate them ahead of planned removal of third-party cookies in 2025. Users may not notice immediate changes in the advertising they see, but they will have new controls and gain more insight into how companies are able to use the Privacy Sandbox technologies to deliver and measure the ads they see (more information).
While we cannot provide legal advice, we can share our responses to frequently asked questions and provide information about the APIs that can help those responsible for privacy-related compliance decisions.
- This timeline reflects Chrome’s best estimates, as of November 2024, of the timing of the key Privacy Sandbox use cases, including the availability of origin trials, readiness at scale of the listed APIs, and ending support for third-party cookies. Dates are subject to change. Chrome will update this timeline monthly with current estimates.
- General Availability will start once APIs for all of the use cases are ready for scaled adoption. Chrome will announce the start of the transition period on this site and on the Keyword blog.
- The timeline lists the use cases that Chrome plans to support before the transition period: Fighting spam and fraud on the web; Measuring digital ads; Showing relevant content and ads; Strengthening cross-site privacy boundaries. The APIs listed under each use case reflect Chrome’s current proposals to support this use case. The specific APIs are subject to change.