SameSite Cookie Status: GET
"StrictCookie" ❌
"LaxCookie" ❌
"SecureNoneCookie" ❌
"NoneCookie" ❌
"DefaultCookie" ❌
Run another test from the External Site.
Since you arrived here as part of a cross-site request from samesitetest-external.com, your browser will have checked the SameSite cookie attribute and only sent cookies that were allowed for this specific request. All other cookies will have been blocked.
"StrictCookie" (SameSite=Strict) should never be sent on cross-site requests.
"LaxCookie" (SameSite=Lax) should only be sent on cross-site GET requests.
"SecureNoneCookie" (SameSite=None; Secure) should always be sent on cross-site requests.
"NoneCookie" (SameSite=None) is invalid and should be rejected by the browser and never sent. (Note, your browser may not block these cookies yet.)
"DefaultCookie" (no SameSite attribute) will always be sent on cross-site requests until your browser rolls out SameSite=Lax by default.
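The rules above as a small model, for checking which of the five cookies to expect on a given cross-site request. This is an added example, not the experiment's own source code; the Set-Cookie values, the function names and the two browser profiles (MODERN, LEGACY) are assumptions made for illustration.

```javascript
// Constructed Set-Cookie headers, one per cookie named on this page.
const SET_COOKIE_HEADERS = [
  "StrictCookie=1; SameSite=Strict",
  "LaxCookie=1; SameSite=Lax",
  "SecureNoneCookie=1; SameSite=None; Secure",
  "NoneCookie=1; SameSite=None",
  "DefaultCookie=1",
];

// Parse one Set-Cookie header into { name, sameSite, secure }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.split("=")[0], sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim().toLowerCase());
    if (key === "secure") cookie.secure = true;
    if (key === "samesite" && ["strict", "lax", "none"].includes(value)) cookie.sameSite = value;
  }
  return cookie;
}

// Decide whether a cookie is attached to a cross-site request, per the rules above.
// opts.rejectInsecureNone: browser rejects SameSite=None without Secure.
// opts.laxByDefault: browser treats a missing SameSite attribute as Lax.
// Browsers also require a top-level navigation for Lax; only the method is modelled here.
function sentCrossSite(cookie, method, opts) {
  if (cookie.sameSite === "none" && !cookie.secure) return !opts.rejectInsecureNone;
  const mode = cookie.sameSite ?? (opts.laxByDefault ? "lax" : "none");
  if (mode === "strict") return false;
  if (mode === "lax") return method.toUpperCase() === "GET";
  return true; // SameSite=None; Secure, or legacy default behaviour
}

// Names of the cookies a cross-site request with this method would carry.
function cookiesSent(method, opts) {
  return SET_COOKIE_HEADERS.map(parseSetCookie)
    .filter((cookie) => sentCrossSite(cookie, method, opts))
    .map((cookie) => cookie.name);
}

const MODERN = { laxByDefault: true, rejectInsecureNone: true };
const LEGACY = { laxByDefault: false, rejectInsecureNone: false };
console.log("modern POST:", cookiesSent("POST", MODERN));
console.log("legacy POST:", cookiesSent("POST", LEGACY));
```

The LEGACY profile is the case a CSRF review should care about: on a cross-site POST it still carries "NoneCookie" and "DefaultCookie", so cookies without an explicit SameSite attribute give no protection there.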
An experiment by Stephen Rees-Carter for "CSRF is dead (or is it?)" and "SameSite Cookies Deep Dive".
Source Code on GitHub, PRs welcome.