State Partitioning - Privacy on the Web
Fleeting
- External reference: https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning
Storage is first partitioned according to top-level sites—so for example, if you have one opened page at a.com that embeds an iframe from b.com, and another page opened to b.com, then the iframe cannot communicate with the second page despite them being technically same-origin.
— https://developer.mozilla.org/en-US/docs/Web/API/Broadcast_Channel_API#browser_compatibility
generally, a third-party embedded in one top-level site cannot access data stored under another top-level site
— https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning
if accessible storage is partitioned by top-level site, access to a third party's unpartitioned cookies can still be granted if the Storage Access API is supported:
- using the Storage Access API.
- automatically, such as for third parties providing federated login. Details about automatic grants are provided in the Storage Access Heuristics section.
— https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning
improve web compatibility, Firefox currently includes some heuristics to grant unpartitioned access to cookies automatically to third parties that receive user interaction
— https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning
Warning: Storage access heuristics are a transitional feature meant to prevent website breakage. They should not be relied upon for current and future web development.
— https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning
When a partitioned third-party opens a pop-up window that has opener access to the originating document, the third-party is granted storage access to its embedder for 30 days. When a first-party a.example opens a third-party pop-up b.example, b.example is granted third-party storage access to a.example for 30 days.
— https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning
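The excerpts above, tied together in a toy model (an added example for these notes, not MDN or browser code): state is keyed by the pair of frame site and top-level site, and a storage access grant switches the embedded third party to its own first-party partition for 30 days. The class and function names are hypothetical, "site" is approximated by the hostname, and only cookie-like key/value state is modelled.

```javascript
// Added illustration: a toy model of state partitioning, not browser code.
// Assumption: "site" is approximated by the hostname (browsers use scheme + eTLD+1).
const THIRTY_DAYS_MS = 30 * 24 * 60 * 60 * 1000;

class PartitionedBrowser {
  constructor() {
    this.jars = new Map();   // partition key -> Map of cookie-like values
    this.grants = new Map(); // "thirdParty|topLevel" -> expiry timestamp (ms)
  }

  static site(url) { return new URL(url).hostname; }

  // Record a grant (Storage Access API call or pop-up heuristic) for 30 days.
  grant(thirdPartyUrl, topLevelUrl, now) {
    const key = `${PartitionedBrowser.site(thirdPartyUrl)}|${PartitionedBrowser.site(topLevelUrl)}`;
    this.grants.set(key, now + THIRTY_DAYS_MS);
  }

  partitionKey(frameUrl, topLevelUrl, now) {
    const frame = PartitionedBrowser.site(frameUrl);
    const top = PartitionedBrowser.site(topLevelUrl);
    const expiry = this.grants.get(`${frame}|${top}`);
    const granted = expiry !== undefined && now < expiry;
    // First-party context or a live grant: the frame uses its unpartitioned jar.
    if (frame === top || granted) return `${frame}^${frame}`;
    // Otherwise the jar is partitioned under the embedding top-level site.
    return `${frame}^${top}`;
  }

  jar(frameUrl, topLevelUrl, now) {
    const key = this.partitionKey(frameUrl, topLevelUrl, now);
    if (!this.jars.has(key)) this.jars.set(key, new Map());
    return this.jars.get(key);
  }
}

// Constructed scenario: b.com visited directly, then embedded under a.com.
function demo() {
  const browser = new PartitionedBrowser();
  const t0 = 0;
  browser.jar("https://b.com/", "https://b.com/", t0).set("id", "user-123");
  const before = browser.jar("https://b.com/widget", "https://a.com/", t0).get("id");
  browser.grant("https://b.com/", "https://a.com/", t0);
  const during = browser.jar("https://b.com/widget", "https://a.com/", t0 + 1000).get("id");
  const after = browser.jar("https://b.com/widget", "https://a.com/", t0 + THIRTY_DAYS_MS).get("id");
  return { before, during, after };
}
```

Before the grant and after it expires, the b.com frame under a.com sees an empty jar; only while the grant is live does it read the identifier set in the top-level b.com visit.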