SameSite Cookie Status:
Run another test from the External Site.
Since you arrived here as part of a cross-site request from
your browser will have checked the SameSite cookie attribute and only sent cookies that were allowed for
this specific request. All other cookies will have been blocked.
SameSite=Strict) should never sent on cross-site requests.
SameSite=Lax) should only be sent on cross-site
SameSite=None; Secure) should always be sent on cross-site requests.
SameSite=None) is invalid and should never rejected by the browser and never sent. (Note, your browser may not block these cookies yet.)
SameSiteattribute) will always be sent on cross-site reqursts until your browser rolls out
An experiment by Stephen Rees-Carter for "CSRF is dead (or is it?)" and "SameSite Cookies Deep Dive".
Source Code on GitHub, PRs welcome.