State Partitioning

Understanding how browsers isolate storage to prevent cross-site tracking while preserving web functionality

Introduction: The Privacy Evolution of Browser Storage

Modern web applications rely heavily on client-side storage to deliver seamless user experiences--from remembering shopping cart contents to maintaining authenticated sessions. However, the same mechanisms that enable convenience have historically provided trackers with powerful tools to monitor user behavior across the web.

State Partitioning is a browser privacy mechanism that isolates storage access based on the combination of the resource's origin and the top-level site context in which it's embedded. Rather than allowing third-party content to access a unified storage bucket keyed solely by origin, browsers now partition storage so that the same third-party embedded across different websites cannot share or correlate user data between those contexts.

This approach emerged from recognizing that traditional cookie and storage policies--which typically operated on binary allow/block decisions--created both privacy vulnerabilities and compatibility challenges for legitimate third-party integrations.

The Problem: Cross-Site Tracking Through Shared State

Traditional Storage Behavior

To appreciate what State Partitioning accomplishes, it's important to understand the tracking vulnerability it addresses. In the traditional web storage model, browsers keyed client-side state--cookies, localStorage, IndexedDB, and other mechanisms--primarily by the origin of the resource accessing them.

This meant that when a third-party iframe from analytics.example was embedded in both site-a.com and site-b.com, that iframe could read and write a shared storage bucket keyed simply as analytics.example. A user visiting both websites would present the same identifier to the embedded analytics script, enabling the tracker to build a comprehensive profile of browsing behavior across unrelated sites.

The Tracking Exploitation Mechanism

The exploitation mechanism was deceptively simple but powerful. When a user visited a website containing embedded content from a tracker--often through advertising networks, analytics scripts, or social media widgets--the tracker would deposit a unique identifier into the browser's storage keyed to its own domain. When the user subsequently visited any other website containing embedded content from the same tracker, that third-party iframe could retrieve the previously deposited identifier, establishing a connection between the two visits.

Key Insight

By aggregating connections over time, trackers constructed detailed profiles of user interests, habits, and behaviors without the user ever directly interacting with the tracker's website.

How State Partitioning Works

The Double-Key Mechanism

State Partitioning addresses this vulnerability by fundamentally changing how browsers key client-side storage. Rather than using a single key based on the resource's origin, browsers now use a compound key that includes both the origin of the resource accessing storage and the top-level site context in which that access occurs.

This means that when the same third-party iframe from analytics.example is embedded in both site-a.com and site-b.com, it now receives two completely separate storage buckets: one for the analytics.example embedded in site-a.com context, and a different one for the analytics.example embedded in site-b.com context.

The top-level site is determined by the scheme and registrable domain of the page the user is actively viewing--the first-party context. This partitioning logic applies to every storage access, ensuring that third-party content receives isolation that matches the privacy expectations of users browsing different sites.

Static Partitioning: Network and Cache Isolation

Static partitioning refers to browser storage and networking mechanisms that are always partitioned and cannot be relaxed through user settings or developer intervention:

HTTP Cache - Prevents cache-based cross-site fingerprinting
DNS Resolutions - Isolates DNS queries by top-level site
TCP Connection Pools - Prevents connection reuse across sites
TLS Session Identifiers - Isolates TLS session state
Favicon Cache - Partitions favicon storage

The rationale for permanent partitioning is that these mechanisms were never designed as storage APIs but have been historically exploitable for tracking purposes.

Dynamic Partitioning: User-Controlled Storage Access

Dynamic partitioning applies to JavaScript-accessible storage APIs where legitimate use cases sometimes require cross-site access:

Cookies - Third-party cookies now partitioned by default
localStorage - Isolated by origin + top-level site
sessionStorage - Session-scoped partition isolation
IndexedDB - Partitioned database access
Cache API - Programmatic caching per partition

Unlike static partitioning, dynamic partitioning can be relaxed through explicit user gestures or developer APIs, acknowledging that some web functionality genuinely requires cross-site storage access.

Affected Browser APIs

Storage APIs Under Partitioning

The scope of State Partitioning extends across virtually every browser storage mechanism:

API	Partitioned	Notes
localStorage	Yes	Per-partition key-value storage
sessionStorage	Yes	Session-scoped partition isolation
IndexedDB	Yes	Quota calculated per partition
Cache API	Yes	Network request caching per partition
Cookies	Yes	Third-party cookies by default

Communication APIs Under Partitioning

Beyond traditional storage, State Partitioning affects browser APIs that enable communication between browsing contexts:

BroadcastChannel - Communication restricted to same-partition contexts
SharedWorker - Worker threads isolated by partition
Web Locks API - Lock coordination per partition
Service Workers - Third-party SWs fully partitioned

Storage API Updates

The Storage API, which provides standardized access to storage estimates and quotas, reports information specific to the current partition. The navigator.storage.estimate() method returns quota and usage for the current partition only.

Browser Implementation Status

Chrome and Chromium-Based Browsers

Chrome began rolling out storage partitioning incrementally starting in 2023, with full availability for all users from Chrome 115 onward. The implementation affects all Chromium-based browsers, including Edge (from version 119), Opera, and others.

Chrome's implementation includes a deprecation trial mechanism that provides temporary relief for sites needing additional migration time. Sites can opt into a trial that allows unpartitioned storage access for embedded third-party content for a limited period.

Testing flag: --disable-features=ThirdPartyStoragePartitioning (development use only)

Firefox Implementation

Firefox implemented State Partitioning under the name "dynamic partitioning" and enabled it by default starting with Firefox 103. Mozilla's implementation reflects the organization's commitment to privacy as a core browser value.

Firefox provides comprehensive console logging that helps developers understand when storage is being partitioned, including messages indicating when storage access is partitioned, when unpartitioned access is granted through heuristics, and when the Storage Access API is used.

Safari and WebKit

Safari implements storage partitioning as part of its Intelligent Tracking Prevention system. Apple's implementation emphasizes user privacy by default, with partitioning applied automatically based on its tracking detection algorithms.

115+

Chrome Version

103+

Firefox Version

119+

Edge Version

Debugging and Development Tools

Browser Developer Tools Integration

Modern browser developer tools provide support for inspecting partitioned storage behavior:

Firefox Storage Inspector - Shows origin and top-level site context for storage
Chrome Application Panel - Displays storage usage broken down by partition context
Console Logging - Explicit messages indicate when partitioning affects storage access

Testing Strategies

Testing applications under State Partitioning requires creating scenarios that simulate different embedding contexts:

Test embedded in an iframe on a different-origin page
Verify all storage mechanisms (cookies, localStorage, IndexedDB, Cache API)
Check communication APIs (BroadcastChannel, SharedWorker)
Validate Storage Access API integration

Chrome Demo: storage-partitioning-demo.glitch.me provides a visual demonstration of partitioning effects on different storage mechanisms.

For teams building web applications with third-party integrations, understanding these debugging tools is essential for maintaining functionality while respecting user privacy.

Storage Access API and Exceptions

Requesting Unpartitioned Access

The Storage Access API provides a standardized mechanism for embedded content to request unpartitioned storage access:

// Request storage access
document.requestStorageAccess().then(
 () => {
 // Access granted - can use unpartitioned storage
 console.log('Storage access granted');
 },
 () => {
 // Access denied
 console.log('Storage access denied');
 }
);

The API returns a Promise that resolves if the user grants permission. Browsers may present permission prompts or grant access based on user interaction patterns.

Storage Access Heuristics

Browsers implement heuristics that automatically grant unpartitioned access in common scenarios:

Opener Heuristic - When a partitioned third-party opens a pop-up that the user interacts with, the third-party gains storage access for 30 days
Navigation Heuristic - If a user navigates between related sites quickly and returns, temporary access may be granted

These heuristics recognize that some cross-site storage patterns are fundamental to web functionality, including federated identity systems and embedded AI agent workflows that require persistent state.

Best Practices for LLM and Agent Applications

Designing for Partitioned Storage

Applications built with LLM agents and AI systems often require sophisticated state management. Under State Partitioning:

Recommended Approach: Design state storage around first-party mechanisms rather than relying on third-party storage that could be partitioned. When an LLM agent widget is embedded in a customer's website, store state on the first-party domain (via postMessage communication) rather than attempting to maintain cross-site state on your own domain.

Our AI automation services help organizations design LLM-powered applications that work correctly with browser privacy mechanisms while delivering powerful functionality to end users.

Federated Identity and Authentication

Identity systems face particular challenges because authentication state has traditionally relied on cross-site cookie access:

Use the Storage Access API for identity providers to maintain cross-site functionality
Consider FedCM (Federated Credential Management API) for newer implementations
Design authentication flows that work with partitioned cookies

Monitoring and Analytics

Analytics embedded as third-party content face significant changes:

User tracking across sites through shared identifiers no longer functions
Analytics that should track behavior within a single site work correctly
Consider server-side aggregation for cross-site analytics

Use Case	Approach
Single-site analytics	Partitioned storage works correctly
Cross-site analytics	Use Storage Access API or server-side aggregation
User preferences	Store in first-party context
Conversation state	Use first-party storage via postMessage

Cookie Partitioning and CHIPS

CHIPS (Cookies Having Independent Partitioned State) is a specification focused specifically on cookie behavior:

Cookies can be marked as Partitioned
Partitioned cookies only sent to origin when embedded in same top-level site
Unmarked cookies follow traditional third-party rules

Set-Cookie: session=abc123; Partitioned; Secure; SameSite=None

Related Website Sets

Related Website Sets (formerly "First-Party Sets") provide a mechanism for declaring groups of domains that should be treated as equivalent:

Organizations can declare related domains
Browsers treat declared domains as single first-party context
Enables legitimate cross-domain functionality
Implementation varies by browser

Related Resources

Migration and Compatibility

Auditing Third-Party Dependencies

Before migration, audit all third-party dependencies:

Identify advertising networks, analytics providers, chatbot widgets, social media embeds
Determine what storage mechanisms each dependency uses
Contact vendors about their partitioning migration plans
Test each dependency under partitioning conditions

Implementing Fallbacks

For dependencies needing additional migration time:

Graceful fallbacks - Maintain core functionality without cross-site storage
First-party storage - Shift state to customer-owned domains
Server-side state - Implement server-side state management
Deprecation trial - Chrome's temporary relief mechanism for migration

Long-Term Compatibility

Focus on architectural patterns that work regardless of partitioning status:

Shift state management to first-party mechanisms
Implement server-side state for cross-session data
Design UX that gracefully handles reduced cross-site functionality
Monitor browser updates and policy changes

Partner with our web development team to audit and update your third-party integrations for the privacy-first web.

Frequently Asked Questions

Build Privacy-First Web Applications

Learn how to design web applications that respect user privacy while delivering powerful functionality. Explore our guides on Storage Access API, federated identity, and modern authentication patterns.