SameSite=Lax demo

Navigate to and use the tool there to set a SameSite=Lax cookie.

Come back here and try navigating back to that site using these two methods:

This link: - do you see the cookie you set?

Now fire up the browser developer tools network panel and click this button - did it send the cookie header?

Cookies on the other domain as an SVG image embedded from

JSON data returned by fetch("", {credentials: "include"})




That endpoint has these CORS headers: