SameSite SameOrigin?

What is a site? What is an origin? Are they the same interchangably?

What’s cross site? What’s cross origin?

In short, site is eTLD + 1, origin is scheme, host, and port.

What is eTLD? eTLD is effective top-level domain.

What is effective top-level domain? It is one of the domains listed in the Public suffix list: https://publicsuffix.org/list/. (e.g. com, ny.us, github.io, etc). The list gets a little wild.

So site being eTLD + 1, an example is mySite.com, or food.ny.us, or hello.github.io.

Ref:

This blog post is very informative, worth a read: https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/

Info on SameSite cookies: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite