Preparing for Privacy Sandbox: What is Storage Access API?

Chrome is gradually phasing out support for third-party cookies to reduce cross-site tracking. This creates a challenge for sites and services that rely on cookies in embedded contexts for user journeys like authentication. The Storage Access API (SAA) allows these use cases to continue while limiting cross-site tracking as much as possible.

What is the Storage Access API?

The Storage Access API is a JavaScript API for iframes to request access to storage permissions that would otherwise be denied by browser settings. Embedded elements with use cases dependent on loading cross-site resources can use this API to request access from the user when needed.

If the storage request is granted, the iframe will be able to access cross-site cookies, just like it would if the user visited that site as a top-level context.

While it prevents general cross-site cookie access often used for user tracking, it allows specific access with minimal burden on the user.

Use cases

Some third-party embedded elements require access to cross-site cookies to provide a better user experience — something that will no longer be possible after third-party cookies are disabled.

Use cases include:

• Embedded comment widgets that require login session details.
• Social media “Like” buttons that require login session details.
• Embedded documents that require login session details.
• A top-level experience delivered within an embedded video player (e.g., not showing ads to logged-in users, knowing user caption preferences, or restricting certain video types).
• Embedded payment systems.

Many of these use cases involve maintaining login access within embedded iframes.

Using the hasStorageAccess() method

When a site first loads, the hasStorageAccess() method can be used to check whether access to third-party cookies has already been granted.

// Set a hasAccess boolean variable which defaults to false.

let hasAccess = false;



async function handleCookieAccessInit() {

  if (!document.hasStorageAccess) {

    // Storage Access API is not supported so best we can do is

    // hope it's an older browser that doesn't block 3P cookies.

    hasAccess = true;

  } else {

    // Check whether access has been granted via the Storage Access API.

    // Note on page load this will always be false initially so we could be

    // skipped in this example, but including for completeness for when this

    // is not so obvious.

    hasAccess = await document.hasStorageAccess();

    if (!hasAccess) {

      // Handle the lack of access (covered later)

    }

  }

  if (hasAccess) {

    // Use the cookies.

  }

}

handleCookieAccessInit();